Key Vulnerability Information Bug Fixes and Changes Error when creating a new work package after the previous one is opened in details view [#67980] OpenID Connect: Claims escaped twice [#69079] Disable editing of sendmail attributes through UI [#69577] Contributions Community members reported bugs and contributed to their resolution. Security Implications The fixes indicate potential security vulnerabilities related to OpenID Connect claims and UI editing access, which if not properly addressed could have been exploited. Assets Source code available in ZIP and tar.gz formats. General Notes OpenProject 16.6.2 released on Dec 2, 2025. Several bug fixes are included, with a recommendation to update to the latest version. Special thanks to contributors for reporting and finding bugs.