This release contains a potentially breaking change for the sake of security.
What's fixed
- Antlers hardening (Breaking: See PR for upgrade notes) #14092 by @jasonvarga
- External Glide URL validation #14101 by @jasonvarga
- Harden redirects #14099 by @jasonvarga
- Harden auth redirects #14089 by @duncanmcclean
- Fix user fieldtype search #14084 by @duncanmcclean
- Fix user name and email logic #14079 by @jasonvarga
- Sanitize SVGs #14077 by @jasonvarga
- Fix CSRF token on pages excluded from static caching #14056 by @duncanmcclean
- Improve PDF Viewer #14045 by @duncanmcclean
- Throw UnableToReadFile for invalid images in ImageGenerator #14043 by @mmodler
- Antlers user content and config #14058 by @jasonvarga
- Block methods in Antlers by default #14059 by @jasonvarga