Changelog
- Try all available methods when attempting to download transport packages [#13419]
- Prevent stored XSS in UserGroup names and various other fields [#13418]
- Prevent user/email enumeration in forgot password feature [#13408]
- Prevent XSS cache poisoning via Host header [#13426]
- Proper use of json_encode and error handling for outputArray() in processors [#13389]
- Prevent reflected XSS in setup [#13424]
- Fix local file inclusion vulnerability in setup action parameter [#13422]
- Fix various local file inclusion preventions to also protect on windows [#13428]
- Remove htaccess from allowed file types on new installations [#13423]
- Prevent stored XSS in resource pagetitle [#13415]
- Make search bar work as expected on Chrome & Firefox [#13405]