• Security fix: Improper permission handling when comparing revisions (Seoyoung Kang, Jake Howard)
• Security fix: Improper permission handling when viewing page history (Seoyoung Kang, Jake Howard, Dan Braghis)
• Security fix: Improper permission handling when deleting form submissions (Vishal Shukla, Jake Howard)
• Security fix: Improper restriction handling on Documents and Images API (Sanjok Karki, Jake Howard)
• Security fix: Improper permission handling when copying pages (Sanjok Karki, Matt Westcott)
• Fix: Use protocol-relative URLs in the userbar for compatibility with environments where Django does not detect the protocol (Sage Abdullah)
• Fix: Index the contents of image descriptions as well as titles, for CMS search (Advik Sharma)
• Fix: Avoid creating a new editing session when updating UI elements after an autosave (Sage Abdullah)
• Fix: Group audit log entries for autosave operations in page history view (Sage Abdullah)
• Fix: Retain page explorer header buttons when searching or filtering (Sage Abdullah)
• Fix: Correctly escape the sizes attribute in responsive image template tags (Jake Howard)
• Fix: Add accessible label to userbar aside element for accessibility (Kalash Kumari Thakur)
• Fix: Pause SessionController pings during autosave to prevent conflict notification with own session (Sage Abdullah)
• Fix: Ensure live preview does not get stuck when edits occur during an in-progress update (Aniket Singh)
• Fix: Ensure only one autosave request can happen at a time to prevent incorrect conflict notifications with the current session (Sage Abdullah)
• Fix: Prevent incorrect concurrent editing conflict notifications when doing a manual save (Sage Abdullah)