From cdbd5a58db321cf34f79d6ffe3cd177b2f2e10f1 Mon Sep 17 00:00:00 2001
From: ildyria <beviguier@gmail.com>
Date: Mon, 23 Mar 2026 23:11:23 +0100
Subject: [PATCH 1/2] Version 7.5.3

---
 docs/releases.md                          | 18 ++++++++++++++++++
 src/components/widgets/Announcement.astro |  4 ++--
 src/pages/roadmap.astro                   |  5 +++--
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/docs/releases.md b/docs/releases.md
index 1aade95..476384c 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -30,6 +30,24 @@
 
 ## Version 7
 
+### v7.5.3
+
+Released on Mar 23rd, 2026
+
+#### Fix XSS in RSS feed
+
+Another day, another patch. A bit depressing... but so is the life of a maintainer. This patch fixes a potential XSS vulnerability in the RSS feed. The issue was that the description of the photos were not properly escaped, allowing for potential XSS attacks if they contained malicious code.
+
+* `fix` #4218 : Fix XSS in /feed by @ildyria.
+* `new` #4217 : Added and improved German translations by @hyazinthh.
+
+Once again, thanks to @morimori-dev for reporting the XSS issue.
+
+#### New Contributors
+
+@hyazinthh made their first contribution in https://github.com/LycheeOrg/Lychee/pull/4217
+
+
 ### v7.5.2
 
 Released on Mar 22nd, 2026
diff --git a/src/components/widgets/Announcement.astro b/src/components/widgets/Announcement.astro
index 8e152f4..3f05b1a 100644
--- a/src/components/widgets/Announcement.astro
+++ b/src/components/widgets/Announcement.astro
@@ -10,8 +10,8 @@
     >NEW</span
   >
   <a
-    href="https://github.com/LycheeOrg/Lychee/releases/tag/v7.5.2"
-    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 7.5.2 is now available! »</a
+    href="https://github.com/LycheeOrg/Lychee/releases/tag/v7.5.3"
+    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 7.5.3 is now available! »</a
   >
   <!-- <a
     href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.10.4"
diff --git a/src/pages/roadmap.astro b/src/pages/roadmap.astro
index 5db9ef3..6541f98 100644
--- a/src/pages/roadmap.astro
+++ b/src/pages/roadmap.astro
@@ -8,6 +8,7 @@ const metadata = {
 
 // Release data extracted from releases.md
 const releases = [
+  { version: 'v7.5.3', date: 'Mar 23, 2026', title: 'Hotfix', type: 'bugfix', highlights: ['Fix XSS in RSS feed'] },
   { version: 'v7.5.2', date: 'Mar 22, 2026', title: 'Camera support & hotfix', type: 'minor', highlights: ['Upload from camera support from Frontend', 'Fix SSRF on name resolution to reserved ip space'] },
   { version: 'v7.5.1', date: 'Mar 21, 2026', title: 'Hotfix', type: 'bugfix', highlights: ['Fix SSRF on localhost aliases', 'Support PHP wihout LDAP extension'] },
   { version: 'v7.5.0', date: 'Mar 16, 2026', title: 'Search revamped', type: 'major', highlights: ['New search UI & UX', 'Tag filters in albums'] },
@@ -169,11 +170,11 @@ const getReleaseTypeBadge = (type: string) => {
     <div class="mx-auto max-w-3xl pt-12 px-4 sm:px-6">
       <div class="grid grid-cols-2 md:grid-cols-4 gap-8 text-center">
         <div class="space-y-2">
-          <div class="text-4xl font-bold text-primary">7.5.2</div>
+          <div class="text-4xl font-bold text-primary">7.5.3</div>
           <div class="text-sm text-gray-600 dark:text-gray-400 uppercase tracking-wide">Latest Version</div>
         </div>
         <div class="space-y-2">
-          <div class="text-4xl font-bold text-primary">120</div>
+          <div class="text-4xl font-bold text-primary">121</div>
           <div class="text-sm text-gray-600 dark:text-gray-400 uppercase tracking-wide">Total Releases</div>
         </div>
         <div class="space-y-2">

From e415d933b148816fdbb1e9df908de346ec1836a4 Mon Sep 17 00:00:00 2001
From: ildyria <beviguier@gmail.com>
Date: Mon, 23 Mar 2026 23:20:50 +0100
Subject: [PATCH 2/2] fix

---
 docs/releases.md        | 2 +-
 src/pages/roadmap.astro | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/releases.md b/docs/releases.md
index 476384c..0e2417e 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -36,7 +36,7 @@ Released on Mar 23rd, 2026
 
 #### Fix XSS in RSS feed
 
-Another day, another patch. A bit depressing... but so is the life of a maintainer. This patch fixes a potential XSS vulnerability in the RSS feed. The issue was that the description of the photos were not properly escaped, allowing for potential XSS attacks if they contained malicious code.
+Another day, another patch. A bit depressing... but so is the life of a maintainer. This patch fixes a potential XSS vulnerability in the RSS feed. The issue was that the description of the photos was not properly escaped, allowing for potential XSS attacks if they contained malicious code.
 
 * `fix` #4218 : Fix XSS in /feed by @ildyria.
 * `new` #4217 : Added and improved German translations by @hyazinthh.
diff --git a/src/pages/roadmap.astro b/src/pages/roadmap.astro
index 6541f98..30254e0 100644
--- a/src/pages/roadmap.astro
+++ b/src/pages/roadmap.astro
@@ -8,9 +8,9 @@ const metadata = {
 
 // Release data extracted from releases.md
 const releases = [
-  { version: 'v7.5.3', date: 'Mar 23, 2026', title: 'Hotfix', type: 'bugfix', highlights: ['Fix XSS in RSS feed'] },
+  { version: 'v7.5.3', date: 'Mar 23, 2026', title: 'Hotfix', type: 'security', highlights: ['Fix XSS in RSS feed'] },
   { version: 'v7.5.2', date: 'Mar 22, 2026', title: 'Camera support & hotfix', type: 'minor', highlights: ['Upload from camera support from Frontend', 'Fix SSRF on name resolution to reserved ip space'] },
-  { version: 'v7.5.1', date: 'Mar 21, 2026', title: 'Hotfix', type: 'bugfix', highlights: ['Fix SSRF on localhost aliases', 'Support PHP wihout LDAP extension'] },
+  { version: 'v7.5.1', date: 'Mar 21, 2026', title: 'Hotfix', type: 'security', highlights: ['Fix SSRF on localhost aliases', 'Support PHP wihout LDAP extension'] },
   { version: 'v7.5.0', date: 'Mar 16, 2026', title: 'Search revamped', type: 'major', highlights: ['New search UI & UX', 'Tag filters in albums'] },
   { version: 'v7.4.2', date: 'Mar 12, 2026', title: 'Fixes', type: 'bugfix', highlights: ['Fixes to the CSP policy'] },
   { version: 'v7.4.1', date: 'Mar 8, 2026', title: 'Fixes and minor improvements', type: 'bugfix', highlights: ['Fixed potential crash related to missing configurations', 'Added error message for missing ldap extension', 'Allow passing individual file paths to lychee:sync command'] },