From 26630bae819f3dcb76a9751fc352a08f4fc96e92 Mon Sep 17 00:00:00 2001
From: syuilo <Syuilotan@yahoo.co.jp>
Date: Sat, 4 Feb 2023 18:19:49 +0900
Subject: [PATCH 1/3] New translations ja-JP.yml (Chinese Simplified) (#9792)

---
 locales/zh-CN.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/locales/zh-CN.yml b/locales/zh-CN.yml
index 295fc6e349..bc29aba0a0 100644
--- a/locales/zh-CN.yml
+++ b/locales/zh-CN.yml
@@ -1023,17 +1023,23 @@ _achievements:
       title: "定期联系Ⅲ"
       description: "总登录天数400天"
     _login500:
+      title: "老熟人Ⅰ"
       description: "总登录天数500天"
       flavor: "诸君,我喜欢贴文"
     _login600:
+      title: "老熟人Ⅱ"
       description: "总登录天数600天"
     _login700:
+      title: "老熟人Ⅲ"
       description: "总登录天数700天"
     _login800:
+      title: "帖子大师Ⅰ"
       description: "总登录天数800天"
     _login900:
+      title: "帖子大师Ⅱ"
       description: "总登录天数900天"
     _login1000:
+      title: "帖子大师Ⅲ"
       description: "总登录天数1000天"
       flavor: "感谢您使用Misskey!"
     _noteClipped1:
@@ -1086,6 +1092,7 @@ _achievements:
       title: "信号塔"
       description: "拥有超过500名关注者"
     _followers1000:
+      title: "大影响家"
       description: "拥有超过1000名关注者"
     _collectAchievements30:
       title: "成就收藏家"

From ee74df68233adcd5b167258c621565f97c3b2306 Mon Sep 17 00:00:00 2001
From: syuilo <Syuilotan@yahoo.co.jp>
Date: Sat, 4 Feb 2023 18:21:07 +0900
Subject: [PATCH 2/3] fix(server): improve security

---
 .../backend/src/server/api/endpoints/notes/search-by-tag.ts   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
index 061e371d65..bcd793ac43 100644
--- a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
@@ -95,14 +95,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 
 			try {
 				if (ps.tag) {
-					if (!safeForSql(ps.tag)) throw 'Injection';
+					if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
 					query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
 				} else {
 					query.andWhere(new Brackets(qb => {
 						for (const tags of ps.query!) {
 							qb.orWhere(new Brackets(qb => {
 								for (const tag of tags) {
-									if (!safeForSql(tag)) throw 'Injection';
+									if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
 									qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
 								}
 							}));

From 3f199c71135962406a28d7e3a3174ccbaffb0114 Mon Sep 17 00:00:00 2001
From: syuilo <Syuilotan@yahoo.co.jp>
Date: Sat, 4 Feb 2023 18:22:00 +0900
Subject: [PATCH 3/3] 13.3.3

---
 CHANGELOG.md | 5 +++++
 package.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7afaaffae5..914bde051c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@
 You should also include the user name that made the change.
 -->
 
+## 13.3.3 (2023/02/04)
+
+### Bugfixes
+- Server: improve security
+
 ## 13.3.2 (2023/02/04)
 
 ### Improvements
diff --git a/package.json b/package.json
index 236d02eb3c..7609cce8d4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "misskey",
-	"version": "13.3.2",
+	"version": "13.3.3",
 	"codename": "nasubi",
 	"repository": {
 		"type": "git",