Fixed possibility for XML External Entity attacks and Server-Side Request Forgery if a snapshot file is compromised - CVE-2020-35543.
Fixed possibility for Cross-Site Scripting (XSS) attack in the project name validation when deploying snapshots - CVE-2020-35544.
Fixed a problem where some properties of an existing user are shown to be modified during deployment even though they wouldn’t be.
Fixed a problem where a request type assignee field preset value is missing after deployment.
Fixed JSD Email Channel NoSuchMethodError on JSD 4.5.9.
Fixed problem with model migration not working with binary snapshots with dates.
Fixed a problem with partially failing ranking due to an unexpected database exception.
deleteConfiguration method of the Custom Fields SPI was not called when a custom field was deleted in restore mode.