[SECURITY] Don't pass User to newAction

This prevents information disclosure by passing an argument to this controlling

Author: sbusemann

Classes/Controller/NewController.php

@@ -41,14 +41,12 @@ class NewController extends AbstractFrontendController
     /**
      * Render registration form
      *
-     * @param User|null $user
      * @throws JsonException
      */
-    public function newAction(User $user = null): ResponseInterface
+    public function newAction(): ResponseInterface
     {
         $this->view->assignMultiple(
             [
-                'user' => $user,
                 'allUserGroups' => $this->allUserGroups,
             ]
         );

Documentation/Changelog/Index.rst

@@ -4,6 +4,12 @@
 Changelog
 =========
 
+-
+      :Version: 8.2.2
+      :Date: 2025-05-20
+      :Changes:
+      * [BUGFIX] Security: Missing Hash Check for invitation controller - Invitation Templates must be updated (if a custom template is used)
+
 -
       :Version: 8.2.1
       :Date: 2024-11-11

ext_emconf.php

@@ -13,7 +13,7 @@
     'author_email' => '[email protected]',
     'author_company' => 'in2code.de - Wir leben TYPO3',
     'state' => 'stable',
-    'version' => '8.2.1',
+    'version' => '8.2.2',
     'constraints' => [
         'depends' => [
             'typo3' => '12.0.0-12.4.99',