Security update

Refactoring of the way HTTP Request results are fetched when working with ECA module.
Possible information disclosure with race conditions could have happen when dealing with parallel action execution.
Please update your actions by defining a unique token (ECA Token) to be used later on when fetching the results.

Pull Syndication Final Release:

• Added Service Queue Support to drush ach-rq import Command.
• Drush command ach-client extended to return metadata with client-details.
• Enhanced Publisher Dashboard to show updated details as per Syndication strategy.
• Dashboard imports in Pull Mode now function seamlessly.

Bug Fixes, Security Updates:

• Php 8.4 deprecation fixed.
• Fix to apply correct webhook version based on selection.
• Security Fix for XSRF vulnerability.
• Fix for ClientCdfLanguage::__construct() - fatal error.
• Sql error fix for LayoutBuilderInlineBlockStubCleanup, while fetching block.

• Php 8.4 deprecation fixed.
• Fix to apply correct webhook version based on selection.
• Security Fix for XSRF vulnerability.
• Fix for ClientCdfLanguage::__construct() - fatal error.
• Sql error fix for LayoutBuilderInlineBlockStubCleanup, while fetching block.

Security Fixes

This release addresses SA-CONTRIB-2025-XXX
(#3491766) and implements comprehensive security hardening.

This is a security update. All users of the Disable Login module are strongly encouraged to update.

This release improves how the module enforces access restrictions on user authentication routes. The module is intended to prevent user logins, but in some configurations, not all login endpoints received the correct access checks. This update ensures that access control is consistently applied across all login-related routes, including programmatic authentication paths.

Changes in this release:

Added missing access requirement to specific login routes.