• Fixed an error that could occur if the purgeStaleUserSessionDuration config setting was set to a duration interval string. (#18238)
• Fixed a bug where image transforms weren’t getting regenerated on Local filesystems, if the transform params changed and the asset transform index had been cleared. (#18249)
• Fixed a bug where custom Login page logos could be sized incorrectly. (#18229)
• Fixed a bug where element index pages weren’t preserving “Trashed” status selections between page loads. (#18230)
• Fixed a bug where it was possible to suspend SSO-based user accounts.
• Fixed an error that could occur a nested element’s field layout no longer existed. (#18246)
• Fixed a bug where selecting new elements within relation fields could cause multiple draft saves in quick succession.
• Fixed a bug where verification emails weren’t getting sent when a user without the “Administrate users” permission changed a user account’s email address.
• Fixed a bug where MP3 files weren’t always being properly recognized. (#18243)
• Fixed a bug where deeply-nested slideouts could cause visual glitches in Chromium-based browsers. (#18255)
• Fixed low-severity XSS vulnerabilities. (GHSA-6j87-m5qx-9fqp, GHSA-3jh3-prx3-w6wc)
• Fixed moderate-severity SSRF vulnerabilities. (GHSA-gp2f-7wcm-5fhx, GHSA-v2gc-rm6g-wrw9)
• Fixed a moderate-severity TOCTOU vulnerability. (GHSA-6fx5-5cw5-4897)