Security update

• #3505844: Implement flood protection
• Drupal 11 compatibility

Fix XSS issue - sanitisation of rot13 decoded text. Requires admin access or admin (mis)configuration of text filters to allow Full HTML text format for non-admins (or equivalent) and other configuration steps before this issue can be exploited.

- Translate any kind of translatable entities (incl. Media, Paragraphs, URL aliases)
- Use SharedTempStorage for eTranslation requests
- Support for MT providers not allowing XML translation
- Option to disable auto translation
- Check for missing languages on entity save events
- Fix for error "TypeError: strlen(): Argument #1 ($string) must be of type string, array given in strlen()"

This is a security release of the Drupal 10 series.

This release fixes a security vulnerability. Sites are urged to update immediately after reading the notes below and the security announcement:

• Drupal core - Moderately critical - Cross-Site Scripting - SA-CORE-2025-004

No other fixes are included.

This is a security release of the Drupal 10 series.

This release fixes a security vulnerability. Sites are urged to update immediately after reading the notes below and the security announcement:

• Drupal core - Moderately critical - Cross-Site Scripting - SA-CORE-2025-004

No other fixes are included.

This is a security release of the Drupal 11 series.

This release fixes a security vulnerability. Sites are urged to update immediately after reading the notes below and the security announcement:

• Drupal core - Moderately critical - Cross-Site Scripting - SA-CORE-2025-004

No other fixes are included.