Fix. Rector. Automatic patch applied. Fix. Prevent duplicated cookie setting to avoid varnish cache overload. Mod. Common. Do not set "ct_pointer_data" cookie if Bot Detector feature enabled. Fix. Common. Custom nodes creation protect. Fixed email address gain. Fix. SFW. Remove cron tasks if SFW is disabled. Fix. Common. Topic add protection. Use user->mail as sender_email if applicable. Fix. SFW update. UA list. Fixed SQL error due semicolon existed in the UA regex. Fix. SFW. AntiFlood constructor fixed.
Harden image download in Canvas AI.
Permission should have restrict access flag.
Security fix
Fixes #3575516: Fix XSS issue in Tagify autocomplete and select widget JavaScript (a security issue).
