v6.11.0

📅 Jan 8, 2026📦 ghostView on GitHub →

✨ 2 features🐛 7 fixes

Summary

This release focuses heavily on security fixes, addressing several critical vulnerabilities including authorization bypass, SSRF, and SQL injection. It also introduces a new Admin API endpoint for browsing comments and a warning for oversized posts.

✨ New Features

Added warning when a post's size exceeds email clients clipping length.
Added Admin API endpoint for browsing all comments.

🐛 Bug Fixes

Fixed staff token authorization bypass via trailing slash mismatch.
Fixed potential SSRF via media inliner.
Fixed SQL injection vulnerability in click event query.
Fixed ability to bypass Staff User 2FA flow.
Fixed overly permissive publication locale setting.
Fixed missing member discount data after migrations.
Update Portuguese translations for Portal.