Today we are releasing 3.5.4 to fix potential XSS attacks from unvalidated uploaded SVG or XML files: Release 3.5.4 ยท getkirby/kirby ยท GitHub
When you cannot trust your panel editors or you are offering file uploads on your website that accept SVG or XML files, this vulnerability is critical and you should patch your installation immediately! You can find more about it in our security advisory: