6.11.0

🔒 Fixed staff token authorization bypass via trailing slash mismatch (#25805) - Michael Barrett
🔒 Fixed potential SSRF via media inliner (#25807) - Michael Barrett
🔒 Fixed SQL injection vulnerability in click event query (#25804) - Michael Barrett
🔒 Fixed ability to bypass Staff User 2FA flow (#25806) - Michael Barrett
✨ Added warning when a post's size exceeds email clients clipping length (#25798) - Kevin Ansfield
✨ Added Admin API endpoint for browsing all comments (#25700) - Rob Lester
🐛 Fixed overly permissive publication locale setting (#25774) - Jannis Fedoruk-Betschki
🐛 Fixed missing member discount data after migrations (#25720) - Sag
🌐 Update Portuguese translations for Portal (#25704) - Mateus Ribeiro

View the changelog for full details: https://github.com/tryghost/ghost/compare/v6.10.3...v6.11.0

🔒 Fixed staff token authorization bypass via trailing slash mismatch (#25805) - Michael Barrett
🔒 Fixed potential SSRF via media inliner (#25807) - Michael Barrett
🔒 Fixed SQL injection vulnerability in click event query (#25804) - Michael Barrett
🔒 Fixed ability to bypass Staff User 2FA flow (#25806) - Michael Barrett
✨ Added warning when a post's size exceeds email clients clipping length (#25798) - Kevin Ansfield
✨ Added Admin API endpoint for browsing all comments (#25700) - Rob Lester
🐛 Fixed overly permissive publication locale setting (#25774) - Jannis Fedoruk-Betschki
🐛 Fixed missing member discount data after migrations (#25720) - Sag
🌐 Update Portuguese translations for Portal (#25704) - Mateus Ribeiro

View the changelog for full details: https://github.com/tryghost/ghost/compare/v6.10.3...v6.11.0

Ghost