path: root/releasenotes/notes/bug-cd9099c1ba78d637.yaml
blob: 438e3c30e18b883fc9094bcca344a8aa6348fb3d (plain)
---
security:
  - |
    An open redirect has been fixed. It could redirect users to arbitrary
    addresses from certain views when a "next" parameter was specified in the
    URL. The redirect now works only if the target URL is in the same domain
    and uses the same protocol.
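
A check of the kind the note describes, written here as an added example and not taken from the project's code. The function names, the `portal.example.com` host and the sample values are assumptions, and "same domain" is read as an exact match on the host (including any port).

```python
from urllib.parse import urlsplit

def is_same_origin_target(target, request_scheme, request_host):
    """True only if `target` keeps the user on the request's scheme and host."""
    if not target or target != target.strip():
        return False
    # Browsers drop tabs/newlines inside URLs, so reject control characters outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" as "/", so "/\host" is really "//host".
    candidate = target.replace("\\", "/")
    # urlsplit sees "///host" as a path; browsers see a scheme-relative URL.
    if candidate.startswith("///"):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 literal
        return False
    if not parts.netloc:
        # No host: allowed only as a plain relative path. A scheme without a
        # host ("https:host", "javascript:...") is rejected.
        return not parts.scheme
    scheme = parts.scheme or request_scheme.lower()  # "//host/x" inherits the scheme
    # Exact match on the authority, so userinfo tricks and other ports fail.
    return (scheme == request_scheme.lower()
            and parts.netloc.lower() == request_host.lower())

def resolve_next(next_param, request_scheme, request_host, default="/"):
    """Return the "next" value if it is safe to redirect to, else `default`."""
    if is_same_origin_target(next_param, request_scheme, request_host):
        return next_param
    return default

# Constructed sample values for a request served at https://portal.example.com
SAMPLES = [
    "/project/instances/",                        # relative path
    "https://portal.example.com/settings/",       # same protocol and domain
    "http://portal.example.com/settings/",        # protocol differs
    "//other.example.net/",                       # scheme-relative, other host
    "/\\other.example.net/",                      # backslash variant of the above
    "https://portal.example.com@other.example.net/",  # userinfo in the authority
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", resolve_next(value, "https", "portal.example.com"))
```

Only the first two constructed values are returned unchanged; every other one falls back to the default path.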