Critical security patch

This release contains a security patch related to the usage of Twig code in the Twig Snippet plugin, and in the site-wide <head> and <body>.

The Twig template engine currently has a vulnerability with how some of its filters are implemented, where it is possible for a designer or an administrator who is aware of the vulnerability to execute arbitrary CLI code on the server.

This update disables the ability for designers/administrators to call the affected filters.

Other fixes

We've fixed a visual glitch where administrators could always see the "Delete archived versions" and "Rescan text/image extract" buttons in the Content Items panel in Organizer, even if they didn't have the permissions needed to actually press them.

Thanks to...

larchik from T.Hunter for finding this.