Here is the key information about the vulnerability: Security vulnerability in the import backup functionality has been fixed: - Path traversal vulnerability: The original code used to handle filenames, which could allow path traversal attacks. An attacker could exploit this by including path components in the filename (e.g., ) to access or write to arbitrary files. New filename validation logic added: Allowed file types: - Specific filenames (e.g., "settings.json", "colors.json", "pages.json", etc.). - Files starting with "bookmarks-" and ending with ".json". Prohibited path characters: - Filenames containing , , or are considered invalid. File content validation: - JSON file contents are checked for validity to ensure they conform to proper JSON format.