Looking to upgrade?
Check the Upgrade Guide for assistance
Security
Major enhancement
-
Add
allow-same-origin to the sandbox Content-Security-Policy directive of workspace and artifact browsers if the Resource Root URL feature is not used.
Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests.
issue 71366
Major bug fix
-
The plain text console log will still be printed even if some console annotations are corrupt.
issue 61452
Bug fix
-
New login page breaks
login-theme-plugin (regression in 2.404).
issue 71238
-
Fix invalid CSS which caused some buttons to become invisible on hover (regression in 2.402).
issue 71238