- Added
craft\gql\base\MutationResolver::requireAllowedSite(). - Fixed a bug where JSON fields weren’t JSON-decoding values saved via GraphQL mutations. (#19230)
- Fixed an error that could occur when reassigning entries to a new author when deleting a user. (#19154)
- Fixed a bug where
craft\web\twig\variables\CraftVariable::$rebrandwas getting defined for Craft Team installs. (#19249) - Fixed a bug where “All entries” and “All users” sources could be listed above other sources in relation field settings. (#19185)
- Fixed high-severity authorization bypass vulnerabilities.
- Fixed moderate-severity authorization bypass vulnerabilities.
- Fixed a moderate-severity permission escalation vulnerability.
- Fixed low-severity XSS vulnerabilities.
- Fixed a low-severity authorization bypass vulnerability.