5.130.6

• 🔒 Fixed staff token authorization bypass via trailing slash mismatch (#25805) - Michael Barrett
• 🔒 Fixed potential SSRF via media inliner (#25807) - Michael Barrett
• 🔒 Fixed SQL injection vulnerability in click event query (#25804) - Michael Barrett
• 🔒 Fixed ability to bypass Staff User 2FA flow (#25806) - Michael Barrett

---

View the changelog for full details: v5.130.5...v5.130.6