Hugo

**Note** that this release is only relevant if you use Hugo's `openapi3.Unmarshal` template function.

What's Changed

* deps: Downgrade github.com/getkin/kin-openapi v0.124.0 => v0.123.0 3c6260f04 bep

What's Changed

* Fix one more resource change eviction logic issue bb59a7ed9 bep 12395 12456
* Make the cache eviction logic for stale entities more robust 503d20954 bep 12458
* build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2 68e95327f dependabot[bot]
* Run mage generate 9cd7db61d bep
* resources/page: Pull internal Page methods into its own interface c892e75fb bep

What's Changed

* Fix rebuilds on cascade deletes/renames 7be7f89bf bep 12449
* commands: Print "Webserver is ..." right before "Total ..." c8e400b62 bep 12384
* Make sure replaced pages gets marked as stale 9dd687027 bep 12436

What Changed

* Fix rebuilds when running hugo -w 7203a95a6 bep 12296
* tpl/tplimpl: Fix double-escaping in opengraph template fb51b698b jmooring 12418
* commands: Clarify that create or install a theme are two options fe84cc218 Habbie
* config: Setups with only one active language can never be multihost babcb339a bep 12288
* Use Apache License without modification 6b867972e bep 12415
* build(deps): bump github.com/tdewolff/minify/v2 from 2.20.19 to 2.20.20 fb084390c dependabot[bot]

This release fixes a security issue reported by ejona86 (see 12411) that could allow [XSS injection](https://owasp.org/www-community/attacks/xss/) from Markdown content files if one of the internal [link or image](https://gohugo.io/getting-started/configuration-markup/#renderhooksimageenabledefault) render hook templates added in Hugo 0.123.0 are enabled. You typically control and trust the content files, but according to Hugo's [security model](https://gohugo.io/about/security/), we state that "template and configuration authors (you) are trusted, but the data you send in is not."

* markup/goldmark: Fix data race in the hugocontext wrapper 509ab08c1 bep
* tpl: Escape .Title in built-in image and link render hooks 15a4b9b33 bep
* tpl/tplimpl: Improve embedded templates 10a8448ee jmooring 12396
* SECURITY.md: Update link to security model 722c486a3 ejona86
* modules: Fix potential infinite loop in module collection f40f50ead bep 12407

What's Changed

* Only add root sections to the section pages menu 06d248910 bep 12399
* Fix partial rebuilds for SCSS fetched with GetMatch and similar Fixes 12395 004b69439 bep
* commands: Add gen chromastyles --lineNumbersTableStyle flag da6112fc6 jmooring 12393
* resources/images: Fix TestColorLuminance on s390x faf9fedc3 bep
* commands: Provide examples for chromastyles flags 11aa89319 jmooring 12387