LycheeOrg · ildyria · Mar 23, 2026 · Mar 23, 2026 · Mar 23, 2026
diff --git a/docs/releases.md b/docs/releases.md
@@ -30,6 +30,24 @@
 
 ## Version 7
 
+### v7.5.3
+
+Released on Mar 23rd, 2026
+
+#### Fix XSS in RSS feed
+
+Another day, another patch. A bit depressing... but so is the life of a maintainer. This patch fixes a potential XSS vulnerability in the RSS feed. The issue was that the description of the photos was not properly escaped, allowing for potential XSS attacks if they contained malicious code.
+
+* `fix` #4218 : Fix XSS in /feed by @ildyria.
+* `new` #4217 : Added and improved German translations by @hyazinthh.
+
+Once again, thanks to @morimori-dev for reporting the XSS issue.
+
+#### New Contributors
+
+@hyazinthh made their first contribution in https://github.com/LycheeOrg/Lychee/pull/4217
+
+
 ### v7.5.2
 
 Released on Mar 22nd, 2026

diff --git a/src/components/widgets/Announcement.astro b/src/components/widgets/Announcement.astro
@@ -10,8 +10,8 @@
     >NEW</span
   >
   <a
-    href="https://github.com/LycheeOrg/Lychee/releases/tag/v7.5.2"
-    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 7.5.2 is now available! »</a
+    href="https://github.com/LycheeOrg/Lychee/releases/tag/v7.5.3"
+    class="text-slate-200 hover:underline dark:text-slate-200 font-medium">Lychee 7.5.3 is now available! »</a
   >
   <!-- <a
     href="https://github.com/LycheeOrg/Lychee/releases/tag/v6.10.4"

diff --git a/src/pages/roadmap.astro b/src/pages/roadmap.astro
@@ -8,8 +8,9 @@ const metadata = {
 
 // Release data extracted from releases.md
 const releases = [
+  { version: 'v7.5.3', date: 'Mar 23, 2026', title: 'Hotfix', type: 'security', highlights: ['Fix XSS in RSS feed'] },
   { version: 'v7.5.2', date: 'Mar 22, 2026', title: 'Camera support & hotfix', type: 'minor', highlights: ['Upload from camera support from Frontend', 'Fix SSRF on name resolution to reserved ip space'] },
-  { version: 'v7.5.1', date: 'Mar 21, 2026', title: 'Hotfix', type: 'bugfix', highlights: ['Fix SSRF on localhost aliases', 'Support PHP wihout LDAP extension'] },
+  { version: 'v7.5.1', date: 'Mar 21, 2026', title: 'Hotfix', type: 'security', highlights: ['Fix SSRF on localhost aliases', 'Support PHP wihout LDAP extension'] },
   { version: 'v7.5.0', date: 'Mar 16, 2026', title: 'Search revamped', type: 'major', highlights: ['New search UI & UX', 'Tag filters in albums'] },
   { version: 'v7.4.2', date: 'Mar 12, 2026', title: 'Fixes', type: 'bugfix', highlights: ['Fixes to the CSP policy'] },
   { version: 'v7.4.1', date: 'Mar 8, 2026', title: 'Fixes and minor improvements', type: 'bugfix', highlights: ['Fixed potential crash related to missing configurations', 'Added error message for missing ldap extension', 'Allow passing individual file paths to lychee:sync command'] },
@@ -169,11 +170,11 @@ const getReleaseTypeBadge = (type: string) => {
     <div class="mx-auto max-w-3xl pt-12 px-4 sm:px-6">
       <div class="grid grid-cols-2 md:grid-cols-4 gap-8 text-center">
         <div class="space-y-2">
-          <div class="text-4xl font-bold text-primary">7.5.2</div>
+          <div class="text-4xl font-bold text-primary">7.5.3</div>
           <div class="text-sm text-gray-600 dark:text-gray-400 uppercase tracking-wide">Latest Version</div>
         </div>
         <div class="space-y-2">
-          <div class="text-4xl font-bold text-primary">120</div>
+          <div class="text-4xl font-bold text-primary">121</div>
           <div class="text-sm text-gray-600 dark:text-gray-400 uppercase tracking-wide">Total Releases</div>
         </div>
         <div class="space-y-2">