This release mitigates a potential security issue with the image endpoint. In short, an attacker can inject query parameters and make proxied requests to arbitrary URLs. See the security advisory for details.
There are also fixes for the database connection pool. The pool size is now at least two, as a lower size can result in deadlocks. Connection timeouts have also been added. If your server logs show pool timeout errors, you should increase database.pool_size in the Lemmy config.
- Fix for image proxy filetypes by @dessalines in #6357
- Enable DB connection timeout by @Nutomic in #6355
- Use min database pool size of 2. by @dessalines in #6345
https://github.com/LemmyNet/lemmy/security/advisories/GHSA-jvxv-2jjp-jxc3