TL;DR

🔒 This is a security release!

Fixes the following vulnerabilities:

• Improper sanitize of SVG files during content upload ('Cross-site Scripting') in Sylius/Sylius
• Add missing HTTP headers to avoid login forms clickjacking
• Exposure of sensitive information by using the back button after logging out in sylius/sylius

Details

• #13275 [Maintenance] Add note about doctrine/dbal requirement (@lchrusciel)
• #13282 [API] Revert changes of checked keys in cart and checkout responses to fix the build (@GSadee)
• #13730 [Maintenance] Add conflict to symfony/framework-bundle to fix problem with solving path prefix in API scenarios (@GSadee)
• #13750 [Admin][Shop] placehold.it replaced to local placeholders (@ernestWarwas)
• #13765 [Security] Fixes for SVG XSS, wrong cache for logged in users and clickjacking (@ernestWarwas, @lchrusciel, @GSadee, @Zales0123, @Rafikooo)