What's fixed
- Fix config through Antlers views #14328 by @jasonvarga
- Sanitize password reset form redirect value #14327 by @jasonvarga
- Restrict markdown preview endpoint #14326 by @jasonvarga
- Add authorization to revision routes #14301 by @duncanmcclean
- Add CSP header to svg route #14325 by @jasonvarga
- Relationship fieldtype authorization tweaks #14307 by @duncanmcclean
- Allow external redirects from Form::getSubmissionRedirect #14318 by @jasonvarga
- Handle more cases in external url detection #14312 by @jasonvarga
- Fix live preview token scope #14304 by @jasonvarga
- Fix PHP sanitization edge cases #14300 by @duncanmcclean