This release fixes a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions.
See GHSA-32gq-x56h-299c.
Plugin names may now only contain alphanumeric characters or the four special characters +-._.
Thanks to ⬡-49016 for reporting this issue.