#1399779 (Bug #87077) Fixed an XSS vulnerability where labels in search results were not being escaped correctly.
#1398683, #1398909, #1399266, #1399692, #1400199 (Bugs #86663, #86950, #87024) Fixed multiple vulnerabilities involving symlinks. The system now refuses to preview, archive or delete the target of symlinks. Previously, symlinks could be abused to disclose data or remove files on the Swarm server that the user does not have permission to access. Note: The archive feature now requires the 'zip' command. Support for PHP's 'zip' extension has been removed. If the 'zip' command cannot be found, the archive button will not appear.
#1394659 (Bug #86805) Fixed an XSS vulnerability where HTML in project descriptions was not being escaped correctly on the home page.