Fixed a bug that allowed for HTML injection in PleromaFE. The commit that introduced it is not in any release, but if you run FE from dev you should update. https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1415