diff --git a/administrator/components/com_banners/forms/banner.xml b/administrator/components/com_banners/forms/banner.xml index 9c3dc80f97d..82c1d6a67c6 100644 --- a/administrator/components/com_banners/forms/banner.xml +++ b/administrator/components/com_banners/forms/banner.xml @@ -301,6 +301,9 @@ diff --git a/administrator/components/com_config/forms/application.xml b/administrator/components/com_config/forms/application.xml index 0e1f2f654aa..f0cba88ffe0 100644 --- a/administrator/components/com_config/forms/application.xml +++ b/administrator/components/com_config/forms/application.xml @@ -1022,6 +1022,9 @@ diff --git a/administrator/components/com_contact/config.xml b/administrator/components/com_contact/config.xml index ced0f5f8af9..58171c31bfe 100644 --- a/administrator/components/com_contact/config.xml +++ b/administrator/components/com_contact/config.xml @@ -253,6 +253,9 @@ diff --git a/administrator/components/com_content/forms/article.xml b/administrator/components/com_content/forms/article.xml index b53a81ee436..3d84a99caf1 100644 --- a/administrator/components/com_content/forms/article.xml +++ b/administrator/components/com_content/forms/article.xml @@ -723,6 +723,9 @@ name="image_intro" type="media" label="COM_CONTENT_FIELD_INTRO_LABEL" + schemes="http,https,ftp,ftps,data,file" + validate="url" + relative="true" /> diff --git a/administrator/components/com_languages/tmpl/installed/default.php b/administrator/components/com_languages/tmpl/installed/default.php index fb4156b39a3..7689e221268 100644 --- a/administrator/components/com_languages/tmpl/installed/default.php +++ b/administrator/components/com_languages/tmpl/installed/default.php @@ -120,7 +120,7 @@ $listDirn = $this->escape($this->state->get('list.direction')); escape($row->author); ?> - escape($row->authorEmail)); ?> + escape(PunycodeHelper::emailToUTF8($row->authorEmail)); ?> escape($row->extension_id); ?> 
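Review bot: The scheme allow-list added to `image_intro` in com_content/forms/article.xml includes `data` and `file` alongside the web schemes, and nothing in the form says why an intro image would need them. If only web URLs and site-relative paths are expected, the narrower `schemes="http,https"` together with `relative="true"` would keep the validator's accepted input as small as possible. Otherwise an XML comment above the field, such as `<!-- data/file are accepted because <reason> -->`, would record the decision. The other form XML hunks on this page show no body in this rendering, so whether they carry the same list cannot be confirmed from here.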
diff --git a/administrator/components/com_menus/forms/item_alias.xml b/administrator/components/com_menus/forms/item_alias.xml
index cdb89b2be20..6ef0572ada7 100644
--- a/administrator/components/com_menus/forms/item_alias.xml
+++ b/administrator/components/com_menus/forms/item_alias.xml
@@ -58,6 +58,9 @@
diff --git a/administrator/components/com_menus/forms/item_component.xml b/administrator/components/com_menus/forms/item_component.xml
index 08422b73cb1..0ce210be7e4 100644
--- a/administrator/components/com_menus/forms/item_component.xml
+++ b/administrator/components/com_menus/forms/item_component.xml
@@ -27,6 +27,9 @@
diff --git a/administrator/components/com_menus/forms/item_heading.xml b/administrator/components/com_menus/forms/item_heading.xml
index b4ce4ce2bf9..38b5b1ef879 100644
--- a/administrator/components/com_menus/forms/item_heading.xml
+++ b/administrator/components/com_menus/forms/item_heading.xml
@@ -28,6 +28,9 @@
diff --git a/administrator/components/com_menus/forms/item_separator.xml b/administrator/components/com_menus/forms/item_separator.xml
index 20f05444452..63371c68452 100644
--- a/administrator/components/com_menus/forms/item_separator.xml
+++ b/administrator/components/com_menus/forms/item_separator.xml
@@ -23,6 +23,9 @@
diff --git a/administrator/components/com_menus/forms/item_url.xml b/administrator/components/com_menus/forms/item_url.xml
index 21850df4abb..7b58b121adf 100644
--- a/administrator/components/com_menus/forms/item_url.xml
+++ b/administrator/components/com_menus/forms/item_url.xml
@@ -54,6 +54,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_alias.xml b/administrator/components/com_menus/forms/itemadmin_alias.xml
index 2e4077f9020..714233ecc69 100644
--- a/administrator/components/com_menus/forms/itemadmin_alias.xml
+++ b/administrator/components/com_menus/forms/itemadmin_alias.xml
@@ -38,6 +38,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_component.xml b/administrator/components/com_menus/forms/itemadmin_component.xml
index 8724d640111..c5196cfc77c 100644
--- a/administrator/components/com_menus/forms/itemadmin_component.xml
+++ b/administrator/components/com_menus/forms/itemadmin_component.xml
@@ -22,6 +22,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_container.xml b/administrator/components/com_menus/forms/itemadmin_container.xml
index d6c07c0cdd9..bbf75ff074e 100644
--- a/administrator/components/com_menus/forms/itemadmin_container.xml
+++ b/administrator/components/com_menus/forms/itemadmin_container.xml
@@ -35,6 +35,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_heading.xml b/administrator/components/com_menus/forms/itemadmin_heading.xml
index 8aba60deaae..25181bcbb17 100644
--- a/administrator/components/com_menus/forms/itemadmin_heading.xml
+++ b/administrator/components/com_menus/forms/itemadmin_heading.xml
@@ -35,6 +35,9 @@
diff --git a/administrator/components/com_menus/forms/itemadmin_url.xml b/administrator/components/com_menus/forms/itemadmin_url.xml
index 3f2b932dc55..355cee6896b 100644
--- a/administrator/components/com_menus/forms/itemadmin_url.xml
+++ b/administrator/components/com_menus/forms/itemadmin_url.xml
@@ -52,6 +52,9 @@
diff --git a/administrator/components/com_newsfeeds/forms/newsfeed.xml b/administrator/components/com_newsfeeds/forms/newsfeed.xml
index a9f647b9bc0..b380d4226c0 100644
--- a/administrator/components/com_newsfeeds/forms/newsfeed.xml
+++ b/administrator/components/com_newsfeeds/forms/newsfeed.xml
@@ -242,6 +242,9 @@
@@ -285,6 +288,9 @@
diff --git a/administrator/components/com_privacy/tmpl/requests/default.php b/administrator/components/com_privacy/tmpl/requests/default.php
index 382887ec3b7..f192de4a4d1 100644
--- a/administrator/components/com_privacy/tmpl/requests/default.php
+++ b/administrator/components/com_privacy/tmpl/requests/default.php
@@ -98,7 +98,7 @@ $urgentRequestDate->sub(new DateInterval('P' . $this->urgentRequestAge . 'D')); - escape($item->email)); ?> + escape(PunycodeHelper::emailToUTF8($item->email)); ?> diff --git a/administrator/components/com_tags/config.xml b/administrator/components/com_tags/config.xml index 46d675c58f2..516a73a1a24 100644 --- a/administrator/components/com_tags/config.xml +++ b/administrator/components/com_tags/config.xml @@ -73,6 +73,9 @@ diff --git a/administrator/components/com_tags/forms/tag.xml b/administrator/components/com_tags/forms/tag.xml index fd016058b53..f0bcafe3f73 100644 --- a/administrator/components/com_tags/forms/tag.xml +++ b/administrator/components/com_tags/forms/tag.xml @@ -248,6 +248,9 @@ @@ -280,6 +283,9 @@ diff --git a/administrator/components/com_users/src/Controller/MethodController.php b/administrator/components/com_users/src/Controller/MethodController.php index d8a852ddf27..a8a2089fc41 100644 --- a/administrator/components/com_users/src/Controller/MethodController.php +++ b/administrator/components/com_users/src/Controller/MethodController.php @@ -21,6 +21,7 @@ use Joomla\CMS\Uri\Uri; use Joomla\CMS\User\User; use Joomla\CMS\User\UserFactoryAwareInterface; use Joomla\CMS\User\UserFactoryAwareTrait; +use Joomla\CMS\User\UserHelper; use Joomla\Component\Users\Administrator\Helper\Mfa as MfaHelper; use Joomla\Component\Users\Administrator\Model\BackupcodesModel; use Joomla\Component\Users\Administrator\Model\MethodModel; @@ -387,6 +388,9 @@ class MethodController extends BaseControllerAlias implements UserFactoryAwareIn return; } + // Method updated, destroy other active sessions + UserHelper::destroyUserSessions($userId, true); + $this->setRedirect($url); } diff --git a/administrator/components/com_users/tmpl/users/default.php b/administrator/components/com_users/tmpl/users/default.php index 20794214054..a1f0bfec89a 100644 --- a/administrator/components/com_users/tmpl/users/default.php 
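Review bot: The bare `true` passed to `UserHelper::destroyUserSessions($userId, true)` in the second MethodController.php hunk carries the security-relevant decision, and the call's return value is dropped before the redirect. As far as I know the second parameter is `$keepCurrent`, so the comment would read more clearly as `// Method updated: end the user's other sessions, keep the current one ($keepCurrent = true)`. If the call can report failure, the result should at least be logged, because otherwise a session opened before the MFA change stays valid without anyone noticing. The enclosing method starts above the hunk, and other paths that change MFA settings are not visible here, so it is worth confirming that they invalidate sessions as well.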
+++ b/administrator/components/com_users/tmpl/users/default.php @@ -187,7 +187,7 @@ $mfa = PluginHelper::isEnabled('multifactorauth'); - escape($item->email)); ?> + escape(PunycodeHelper::emailToUTF8($item->email)); ?> lastvisitDate !== null) : ?> diff --git a/administrator/language/en-GB/install.xml b/administrator/language/en-GB/install.xml index db8e69ed617..743338a7cd8 100644 --- a/administrator/language/en-GB/install.xml +++ b/administrator/language/en-GB/install.xml @@ -3,7 +3,7 @@ English (en-GB) en-GB 4.4.3 - 2024-01 + 2024-02 Joomla! Project admin@joomla.org www.joomla.org diff --git a/administrator/language/en-GB/langmetadata.xml b/administrator/language/en-GB/langmetadata.xml index cfa47311bb7..6c16913844a 100644 --- a/administrator/language/en-GB/langmetadata.xml +++ b/administrator/language/en-GB/langmetadata.xml @@ -2,7 +2,7 @@ English (en-GB) 4.4.3 - 2024-01 + 2024-02 Joomla! Project admin@joomla.org www.joomla.org diff --git a/administrator/language/en-GB/lib_joomla.ini b/administrator/language/en-GB/lib_joomla.ini index 70c1ba14a93..8d0a88ba6c5 100644 --- a/administrator/language/en-GB/lib_joomla.ini +++ b/administrator/language/en-GB/lib_joomla.ini @@ -345,6 +345,7 @@ JLIB_FORM_VALIDATE_FIELD_INVALID="Invalid field: %s" JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s" JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s" JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s." +JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED="Invalid URL: A code injection has been detected in %1$s." JLIB_FORM_VALUE_CACHE_APCU="APC User Cache" JLIB_FORM_VALUE_CACHE_FILE="File" JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)" diff --git a/administrator/manifests/files/joomla.xml b/administrator/manifests/files/joomla.xml index d8e5ae3e3c9..cf71819d9bb 100644 --- a/administrator/manifests/files/joomla.xml 
+++ b/administrator/manifests/files/joomla.xml @@ -6,8 +6,8 @@ www.joomla.org (C) 2019 Open Source Matters, Inc. GNU General Public License version 2 or later; see LICENSE.txt - 4.4.3-dev - 2024-01 + 4.4.3 + 2024-02 FILES_JOOMLA_XML_DESCRIPTION administrator/components/com_admin/script.php diff --git a/administrator/manifests/packages/pkg_en-GB.xml b/administrator/manifests/packages/pkg_en-GB.xml index 047a7848b77..f820c1f2cc4 100644 --- a/administrator/manifests/packages/pkg_en-GB.xml +++ b/administrator/manifests/packages/pkg_en-GB.xml @@ -3,7 +3,7 @@ English (en-GB) Language Pack en-GB 4.4.3.1 - 2024-01 + 2024-02 Joomla! Project admin@joomla.org www.joomla.org diff --git a/administrator/templates/atum/templateDetails.xml b/administrator/templates/atum/templateDetails.xml index 2ebe5801bed..032dca7868b 100644 --- a/administrator/templates/atum/templateDetails.xml +++ b/administrator/templates/atum/templateDetails.xml @@ -111,6 +111,9 @@ English (en-GB) en-GB 4.4.3 - 2024-01 + 2024-02 Joomla! Project admin@joomla.org www.joomla.org diff --git a/api/language/en-GB/langmetadata.xml b/api/language/en-GB/langmetadata.xml index 71fe10e4dc0..ab8d006d1c6 100644 --- a/api/language/en-GB/langmetadata.xml +++ b/api/language/en-GB/langmetadata.xml @@ -2,7 +2,7 @@ English (en-GB) 4.4.3 - 2024-01 + 2024-02 Joomla! Project admin@joomla.org www.joomla.org diff --git a/components/com_contact/forms/form.xml b/components/com_contact/forms/form.xml index bd5429db8ce..8e7da7e3291 100644 --- a/components/com_contact/forms/form.xml +++ b/components/com_contact/forms/form.xml @@ -111,6 +111,9 @@ diff --git a/components/com_contact/tmpl/contact/default_address.php b/components/com_contact/tmpl/contact/default_address.php index 8133fb9b0cc..0e8a0b6a381 100644 --- a/components/com_contact/tmpl/contact/default_address.php +++ b/components/com_contact/tmpl/contact/default_address.php @@ -152,7 +152,7 @@ $icon = $this->params->get('contact_icons') == 0;
+ escape(PunycodeHelper::urlToUTF8($this->item->webpage)); ?>
diff --git a/components/com_contact/tmpl/contact/default_profile.php b/components/com_contact/tmpl/contact/default_profile.php index b4e0134a04f..098006cda45 100644 --- a/components/com_contact/tmpl/contact/default_profile.php +++ b/components/com_contact/tmpl/contact/default_profile.php @@ -30,9 +30,9 @@ use Joomla\CMS\String\PunycodeHelper; $v_http = substr($profile->value, 0, 4); if ($v_http === 'http') : - echo '
' . PunycodeHelper::urlToUTF8($profile->text) . '
'; + echo '
' . $this->escape(PunycodeHelper::urlToUTF8($profile->text)) . '
'; else : - echo '
' . PunycodeHelper::urlToUTF8($profile->text) . '
'; + echo '
' . $this->escape(PunycodeHelper::urlToUTF8($profile->text)) . '
'; endif; break; diff --git a/components/com_content/forms/article.xml b/components/com_content/forms/article.xml index e02d23f1dc1..508a419ec56 100644 --- a/components/com_content/forms/article.xml +++ b/components/com_content/forms/article.xml @@ -217,6 +217,9 @@ @@ -254,6 +257,9 @@ diff --git a/components/com_newsfeeds/tmpl/category/default_items.php b/components/com_newsfeeds/tmpl/category/default_items.php index db4cb4b60c2..91c3627eaf7 100644 --- a/components/com_newsfeeds/tmpl/category/default_items.php +++ b/components/com_newsfeeds/tmpl/category/default_items.php @@ -71,7 +71,7 @@ $listDirn = $this->escape($this->state->get('list.direction')); link); ?> - + escape($link); ?>
diff --git a/components/com_tags/tmpl/tag/default.xml b/components/com_tags/tmpl/tag/default.xml index 78ded32a244..3e542ba6f45 100644 --- a/components/com_tags/tmpl/tag/default.xml +++ b/components/com_tags/tmpl/tag/default.xml @@ -88,6 +88,9 @@ diff --git a/components/com_tags/tmpl/tag/list.xml b/components/com_tags/tmpl/tag/list.xml index 3c1a5af8f4a..b691efa4c9e 100644 --- a/components/com_tags/tmpl/tag/list.xml +++ b/components/com_tags/tmpl/tag/list.xml @@ -87,6 +87,9 @@ diff --git a/components/com_tags/tmpl/tags/default.xml b/components/com_tags/tmpl/tags/default.xml index d23fb69a3c5..8de92b78558 100644 --- a/components/com_tags/tmpl/tags/default.xml +++ b/components/com_tags/tmpl/tags/default.xml @@ -71,6 +71,9 @@ diff --git a/components/com_users/tmpl/login/default.xml b/components/com_users/tmpl/login/default.xml index ff0697f7479..0abcef5ed20 100644 --- a/components/com_users/tmpl/login/default.xml +++ b/components/com_users/tmpl/login/default.xml @@ -78,6 +78,9 @@ @@ -158,6 +161,9 @@ diff --git a/composer.json b/composer.json index fb60a3238bf..eb45763f27f 100644 --- a/composer.json +++ b/composer.json @@ -30,6 +30,14 @@ "type": "vcs", "url": "https://github.com/joomla-backports/json-api-php.git", "no-api": true + }, + { + "type": "vcs", + "url": "https://github.com/joomla-framework/security-filter.git" + }, + { + "type": "vcs", + "url": "https://github.com/joomla-framework/security-input.git" } ], "autoload": { @@ -53,7 +61,7 @@ "joomla/database": "^2.1.1", "joomla/di": "^2.0.1", "joomla/event": "^2.0.2", - "joomla/filter": "^2.0.3", + "joomla/filter": "dev-2.x-mbstring-issue566 as 2.0.4", "joomla/filesystem": "^2.0.2", "joomla/http": "^2.0.2", "joomla/input": "^2.0.4", diff --git a/composer.lock b/composer.lock index c89eae51bf7..ec1a58213e0 100644 --- a/composer.lock +++ b/composer.lock 
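Review bot: `"joomla/filter": "dev-2.x-mbstring-issue566 as 2.0.4"` makes a stable release depend on a branch name, which is a moving reference; only the commit recorded in composer.lock keeps the install reproducible. The two `vcs` repositories added in the first composer.json hunk look like embargo-time sources, and the lock file records an SSH source URL (`git@github.com:joomla-framework/security-filter.git`) that a clean checkout without access to that repository presumably cannot fetch. Once the fix is tagged upstream, the constraint should return to a tagged range such as `"joomla/filter": "^2.0.4"` and the extra repository entries should be removed. Until then, any `composer update` result should be compared against the locked reference `72881a29e90beed6d043af228b64df6850bbfeff`.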
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "186d1c75ba657af1ae5b59e4bfdafe01", + "content-hash": "00e01144155a50c968a51bf9692b2b0c", "packages": [ { "name": "algo26-matthias/idna-convert", @@ -1702,16 +1702,16 @@ }, { "name": "joomla/filter", - "version": "2.0.3", + "version": "dev-2.x-mbstring-issue566", "source": { "type": "git", - "url": "https://github.com/joomla-framework/filter.git", - "reference": "9102630f9069351c1259b6f585a704fde7029d2a" + "url": "git@github.com:joomla-framework/security-filter.git", + "reference": "72881a29e90beed6d043af228b64df6850bbfeff" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/joomla-framework/filter/zipball/9102630f9069351c1259b6f585a704fde7029d2a", - "reference": "9102630f9069351c1259b6f585a704fde7029d2a", + "url": "https://api.github.com/repos/joomla-framework/security-filter/zipball/72881a29e90beed6d043af228b64df6850bbfeff", + "reference": "72881a29e90beed6d043af228b64df6850bbfeff", "shasum": "" }, "require": { @@ -1729,6 +1729,7 @@ "suggest": { "joomla/language": "Required only if you want to use `OutputFilter::stringURLSafe`." }, + "default-branch": true, "type": "joomla-package", "extra": { "branch-alias": { @@ -1740,7 +1741,11 @@ "Joomla\\Filter\\": "src/" } }, - "notification-url": "https://packagist.org/downloads/", + "autoload-dev": { + "psr-4": { + "Joomla\\Filter\\Tests\\": "Tests/" + } + }, "license": [ "GPL-2.0-or-later" ], 
@@ -1752,20 +1757,20 @@ "joomla" ], "support": { - "issues": "https://github.com/joomla-framework/filter/issues", - "source": "https://github.com/joomla-framework/filter/tree/2.0.3" + "source": "https://github.com/joomla-framework/security-filter/tree/2.x-mbstring-issue566", + "issues": "https://github.com/joomla-framework/security-filter/issues" }, "funding": [ { - "url": "https://community.joomla.org/sponsorship-campaigns.html", - "type": "custom" + "type": "github", + "url": "https://github.com/joomla" }, { - "url": "https://github.com/joomla", - "type": "github" + "type": "custom", + "url": "https://community.joomla.org/sponsorship-campaigns.html" } ], - "time": "2023-08-26T07:57:54+00:00" + "time": "2024-02-10T14:19:54+00:00" }, { "name": "joomla/http", @@ -9898,6 +9903,12 @@ } ], "aliases": [ + { + "package": "joomla/filter", + "version": "dev-2.x-mbstring-issue566", + "alias": "2.0.4", + "alias_normalized": "2.0.4.0" + }, { "package": "voku/portable-utf8", "version": "6.0.12.0", @@ -9907,6 +9918,7 @@ ], "minimum-stability": "stable", "stability-flags": { + "joomla/filter": 20, "tobscure/json-api": 20 }, "prefer-stable": false, @@ -9921,5 +9933,5 @@ "platform-overrides": { "php": "7.2.5" }, - "plugin-api-version": "2.3.0" + "plugin-api-version": "2.2.0" } diff --git a/includes/framework.php b/includes/framework.php index 69130d7cfe3..235c5d5c996 100644 --- a/includes/framework.php +++ b/includes/framework.php @@ -9,6 +9,7 @@ defined('_JEXEC') or die; +use Joomla\CMS\Uri\Uri; use Joomla\CMS\Version; use Joomla\Utilities\IpHelper; @@ -22,7 +23,7 @@ if ( || (file_exists(JPATH_INSTALLATION . '/index.php') && (false === (new Version())->isInDevelopmentState())) ) { if (file_exists(JPATH_INSTALLATION . '/index.php')) { - header('Location: ' . substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'index.php')) . 'installation/index.php'); + header('Location: ' . Uri::base() . 'installation/index.php'); exit; } else { 
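Review bot: The new `Location` header in includes/framework.php no longer echoes `$_SERVER['REQUEST_URI']`, but its target is now whatever `Uri::base()` returns. As far as I know, `Uri::base()` falls back to the scheme and host of the current request when no `live_site` value is configured, so the redirect would still follow a client-supplied `Host` header on servers that do not pin the host name. A comment on that line stating the assumption, for example `// Uri::base() relies on the web server validating Host, or on live_site being set`, would make the remaining trust boundary explicit. The surrounding `if` block starts and ends outside the hunk.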
diff --git a/installation/language/en-GB/langmetadata.xml b/installation/language/en-GB/langmetadata.xml index d12b69093a1..4e18486e84f 100644 --- a/installation/language/en-GB/langmetadata.xml +++ b/installation/language/en-GB/langmetadata.xml @@ -2,7 +2,7 @@ English (United Kingdom) 4.4.3 - 2024-01 + 2024-02 Joomla! Project (C) 2005 Open Source Matters, Inc. GNU General Public License version 2 or later; see LICENSE.txt diff --git a/language/en-GB/install.xml b/language/en-GB/install.xml index 18a8e7c1631..1a7d134ebd0 100644 --- a/language/en-GB/install.xml +++ b/language/en-GB/install.xml @@ -3,7 +3,7 @@ English (en-GB) en-GB 4.4.3 - 2024-01 + 2024-02 Joomla! Project admin@joomla.org www.joomla.org diff --git a/language/en-GB/langmetadata.xml b/language/en-GB/langmetadata.xml index 3f6e4ac4c55..0334eae720d 100644 --- a/language/en-GB/langmetadata.xml +++ b/language/en-GB/langmetadata.xml @@ -2,7 +2,7 @@ English (en-GB) 4.4.3 - 2024-01 + 2024-02 Joomla! Project admin@joomla.org www.joomla.org diff --git a/language/en-GB/lib_joomla.ini b/language/en-GB/lib_joomla.ini index 698eac0317a..1878809d3b8 100644 --- a/language/en-GB/lib_joomla.ini +++ b/language/en-GB/lib_joomla.ini @@ -344,6 +344,7 @@ JLIB_FORM_VALIDATE_FIELD_INVALID="Invalid field: %s" JLIB_FORM_VALIDATE_FIELD_REQUIRED="Field required: %s" JLIB_FORM_VALIDATE_FIELD_RULE_MISSING="Validation Rule missing: %s" JLIB_FORM_VALIDATE_FIELD_URL_SCHEMA_MISSING="Invalid URL: URL schema is missing in %1$s. Please add one of the following at the beginning: %2$s." +JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED="Invalid URL: A code injection has been detected in %1$s." JLIB_FORM_VALUE_CACHE_APCU="APC User Cache" JLIB_FORM_VALUE_CACHE_FILE="File" JLIB_FORM_VALUE_CACHE_MEMCACHED="Memcached (Experimental)" diff --git a/libraries/src/Form/Rule/UrlRule.php b/libraries/src/Form/Rule/UrlRule.php index 447d603afc6..0325b756222 100644 --- a/libraries/src/Form/Rule/UrlRule.php +++ b/libraries/src/Form/Rule/UrlRule.php 
@@ -9,6 +9,7 @@ namespace Joomla\CMS\Form\Rule; +use Joomla\CMS\Filter\InputFilter; use Joomla\CMS\Form\Form; use Joomla\CMS\Form\FormRule; use Joomla\CMS\Language\Text; @@ -53,6 +54,12 @@ class UrlRule extends FormRule return true; } + // Check the value for XSS payloads + if ((string) $element['disableXssCheck'] !== 'true' && InputFilter::checkAttribute(['href', $value])) { + $element->addAttribute('message', Text::sprintf('JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED', $element['name'])); + return false; + } + $urlParts = UriHelper::parse_url($value); // See https://www.w3.org/Addressing/URL/url-spec.txt diff --git a/libraries/src/Version.php b/libraries/src/Version.php index e58ae54fe6a..8dce50bf01d 100644 --- a/libraries/src/Version.php +++ b/libraries/src/Version.php @@ -66,7 +66,7 @@ final class Version * @var string * @since 3.8.0 */ - public const EXTRA_VERSION = 'dev'; + public const EXTRA_VERSION = ''; /** * Development status. @@ -74,7 +74,7 @@ final class Version * @var string * @since 3.5 */ - public const DEV_STATUS = 'Development'; + public const DEV_STATUS = 'Stable'; /** * Code name. @@ -90,7 +90,7 @@ final class Version * @var string * @since 3.5 */ - public const RELDATE = '9-January-2024'; + public const RELDATE = '20-February-2024'; /** * Release time. @@ -98,7 +98,7 @@ final class Version * @var string * @since 3.5 */ - public const RELTIME = '16:01'; + public const RELTIME = '16:00'; /** * Release timezone. diff --git a/modules/mod_custom/mod_custom.xml b/modules/mod_custom/mod_custom.xml index 8dc3ad2d2d1..036619b1849 100644 --- a/modules/mod_custom/mod_custom.xml +++ b/modules/mod_custom/mod_custom.xml @@ -40,6 +40,9 @@ diff --git a/plugins/user/profile/src/Extension/Profile.php b/plugins/user/profile/src/Extension/Profile.php index 4bc410e5a06..a7f6a15d5a3 100644 --- a/plugins/user/profile/src/Extension/Profile.php +++ b/plugins/user/profile/src/Extension/Profile.php 
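Review bot: `$element->addAttribute('message', …)` in the second UrlRule.php hunk only works when the field has no `message` attribute yet; on a field that already declares one, SimpleXMLElement raises an "Attribute already exists" warning and keeps the old text, so the injection message would not be shown. Assigning through array access covers both cases: `$element['message'] = Text::sprintf('JLIB_FORM_VALIDATE_FIELD_URL_INJECTION_DETECTED', $element['name']);`. The new `disableXssCheck` opt-out is compared against the exact string `'true'` and is not described anywhere in the visible hunk, so the docblock should name it and say when switching the check off is acceptable. The enclosing method starts and ends outside the hunk.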
@@ -138,7 +138,7 @@ final class Profile extends CMSPlugin return HTMLHelper::_('users.value', $value); } else { // Convert website URL to utf8 for display - $value = PunycodeHelper::urlToUTF8(htmlspecialchars($value)); + $value = htmlspecialchars(PunycodeHelper::urlToUTF8($value), ENT_QUOTES, 'UTF-8'); if (strpos($value, 'http') === 0) { return '' . $value . ''; diff --git a/templates/cassiopeia/templateDetails.xml b/templates/cassiopeia/templateDetails.xml index d8628d3324a..c28503f1fb0 100644 --- a/templates/cassiopeia/templateDetails.xml +++ b/templates/cassiopeia/templateDetails.xml @@ -63,6 +63,9 @@
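Review bot: The comment `// Convert website URL to utf8 for display` above the changed line in Profile.php no longer says what the line does, because the value is now also HTML-escaped and the order (decode first, escape last) is the point of the fix. Something like `// Convert the website URL to UTF-8, then HTML-escape it; escaping must stay the last step` would keep a later edit from swapping the calls back. The following `strpos($value, 'http') === 0` test accepts any string that merely starts with those four letters, so a stricter scheme check may be worth considering if the value ends up in a link target, which this rendering of the hunk does not show. The enclosing method continues outside the hunk.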