Merge branch 'master' into develop

CHANGELOG.md

@@ -1,12 +1,18 @@
 HumHub Changelog
 ================
 
-1.11.4 (Unreleased)
-----------------------
+1.11.4 (July 6, 2022)
+---------------------
+
+This release also fixes a [security](https://github.com/humhub/humhub/security/advisories/GHSA-p7h3-73v7-959c) issue. 
+HumHub was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the user would need a permission to administer Spaces.
+An update is STRONGLY recommended.
+
 - Fix #5776: Hide beta modules on disabled filter
 - Fix #5799: Incorrect selection when multiple custom filters are in place 
 - Fix #5780: Don't hide icon "remove item" on picker
 - Fix #5800: Hide data of disabled users on picker filters on "People" page
+- Fix #5791: Fix XSS in membership confirmation 
 
 1.11.3 (June 27, 2022)
 ----------------------

protected/humhub/tests/codeception/_pages/LoginPage.php

@@ -26,9 +26,10 @@ class LoginPage extends BasePage
         $this->actor->fillField('Login[password]', $password);
         $this->actor->click('#login-button');
     }
-    
+
     public function selfInvite($email)
     {
+        $this->actor->fillField('Invite[email]', $email);
         $this->actor->submitForm('#invite-form', ['Invite' => [
             'email' => $email
        ]]);