The security and bug fixes shipped in the hotfix_v2.4.x series haven't been
merged back into develop. Anyone tracking develop is missing several
security-relevant fixes (MFA flow, XSS sanitization, cache-control headers,
GHSA-vjc3-7jwv-j9qf, GHSA-w78h-mx7h-qm3h, GHSA-g588-5gmf-p5cx,
GHSA-8hwq-v6vm-9grr, GHSA-qhqj-8qw6-wp8v) as well as a number of bug fixes.
Full gap:
develop...hotfix_v2.4.29
Is there a plan to merge these back, or is hotfix intentionally kept separate from develop?
The security and bug fixes shipped in the hotfix_v2.4.x series haven't been
merged back into develop. Anyone tracking develop is missing several
security-relevant fixes (MFA flow, XSS sanitization, cache-control headers,
GHSA-vjc3-7jwv-j9qf, GHSA-w78h-mx7h-qm3h, GHSA-g588-5gmf-p5cx,
GHSA-8hwq-v6vm-9grr, GHSA-qhqj-8qw6-wp8v) as well as a number of bug fixes.
Full gap:
develop...hotfix_v2.4.29
Is there a plan to merge these back, or is hotfix intentionally kept separate from develop?