---
security:
  - |
    An open redirect has been fixed, that could redirect users to arbitrary
    addresses from certain views by specifying a "next" parameter in the URL.
    Now the redirect will only work if the target URL is in the same domain,
    and uses the same protocol.