What's Changed
- Security fix: Authenticated (Editor and above) Stored Cross-Site Scripting (XSS) via recommendation titles. Titles are now sanitized when saved, and existing recommendations are cleaned up via an update script.
- Thanks to hongdo for responsibly disclosing this issue via the Patchstack Bug Bounty Program.