Version 2.2.15 - Bonaventure
-------------------------------
Core - General
- BR #12287 - Admin shortcuts popup refers to IRC.
- BR #12292 - showbase parameter of metadata tag doesn't accept boolean value.
- BR #12303 - No date displayed in the admin + category id not incremented.
- BR #12305 - Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages.
- BR #12311 - log_performance_info - undefined variable: queries.
- BR #12313 - 5 Stored XSS vulnerabilities in Settings - Content Manager.
- BR #12317 - XSS on Settings News Module.
- BR #12325 - Several XSS vulnerabilities.
- BR #12335 - User pref admin homepage not properly displayed under certain conditions.
- BR #12337 - GetContentBlockFieldInput $adding always false.
- BR #12338 - Allow http/2 responses.
- BR #12357 - Filepicker dropzone size issue.
- FR #12345 - More user friendly admin session handling (partly implemented).
- FR #12349 - Swap tabs on System Maintenance page.
- Browsing to the main admin page in a new browser tab during a running session won't redirect to login form anymore.
- (Error) messages in OneEleven won't dismiss on click.
- Fix to Admin redirection after login on Windows platform.
- Fix to the module API redirection to support arrays in parameters.

FileManager v1.6.12
- Dropzone improvement like core FilePicker.

FilePicker v1.0.5
- BR #11673 - FilePicker will not show svg images, when in the Content Manager.
- BR #12312 - Stored XSS vulnerability in File Picker.

News v2.51.11
- Minor code fix to encoding title content.
- BR #12322 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
- BR #12325 - Several XSS vulnerabilities.

Design Manager v1.1.9
- Minor fixes for PHP warnings\notices;

Module Manager v2.1.8
- BR #12291 - Reflected Cross site scripting
- BR #12324 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
- Increased the Download Chunk Size field size to 4.

MicroTiny v2.2.5
- BR #12351 - Escaping translation strings in tinymce_config.js.

Search v1.52
- FR #11886 - Include module and modulerecord fields for content pages.

Phar Installer v1.3.13
- Fixes to the reload button: now prevents browser's caching
- BR #11591 - fixed: Phar installer doesn't work with OPCache enabled