Release 13.351

Since this update includes security fixes, we recommend all users who host publicly accessible Foundry VTT servers to update to this version if they are able in order to harden your server against these identified security flaws. This patch also contains bug fixes and minor changes collected from our community feedback channels. Thank you to each and every one of our community members who bring their feedback and bug reports to our attention!

WARNING: While this is categorized as a stable release there is always a possibility of unexpected bugs or compatibility issues. As with any time you update the core software, be sure to perform a complete backup of your user data to minimize any risk of data loss.

Bug Fixes

Applications and User Interface

• The Windows Portable build's Browse User Data option now points to the correct location. (13391)
• The Shift + C shortcut now always focuses the chat input. (12884)

Documents and Data

• Closed two security vulnerabilities which allowed for the possibility of RCE exploitation involving edge case operations in Document modification workflows. Our thanks to Oleg Surnin (Positive Technologies) for identifying and disclosing this vulnerability to us.
• Fixed migrations for text drawings with zero width/height. (13049)
• ClientDocument.defaultName correctly adds numbers even when the pack is no longer cached. (13542)
• The Alternate Actor Token dropdown now correctly updates a Token's art. (13551)
• The TokenHUD now gracefully handles orphaned Tokens. (13559)

The Game Canvas

• Fixed an issue that resulted in an error when trying to add placeable objects to a Scene while its placeables layer is being redrawn. (13401)
• The Turn Marker correctly updates when combat ends. (13495)