Bug Fixes

• [SECURITY] Fixed an issue where the default app could render incorrectly depending
  on the path Electron was installed into. #9249
• [SECURITY] Fixed an issue where certain built-in window APIs like alert, confirm,
  open, history.go, and postMessage would throw errors in the main process
  instead of the renderer processes when the arguments were invalid. #9252
• [SECURITY] Fixed an issue where chrome-devtools: URLs would incorrectly override certain window options. #9278
• [SECURITY] Fixed an issue where certain valid frame names passed to window.open would
  throw errors in the main process. #9287
• Fixed a memory leak in windows that have the sandbox option enabled. #9314
• Fixed a crash when closing a window from within the callback to certain
  emitted events. #9113
• [SECURITY] Fixed an issue when using postMessage across windows where the
  targetOrigin parameter was not correctly compared against the source
  origin. #9301
• Fixed a debugger crash that would occur parsing certain protocol messages.
  #9322
• [SECURITY] Fixed an issue where specifying webPreferences in the features parameter
  to window.open would throw an error in the main process. #9289

macOS

• Fixed an issue where the Error emitted on autoUpdater error events
  would be missing the message and stack properties when serialized to JSON
  or sent over IPC. #9255

API Changes

• The module search path used by require is now set to the application root
  for non-file: URLs such as about:blank. #9095
• [SECURITY] The javascript option is now disabled in windows opened from a window that
  already has it disabled, similar to the nodeIntegration option. #9250

macOS

• sheet-begin and sheet-end events are now emitted by BrowserWindow
  instances when dialog sheets are presented/dismissed. #9108

Windows

• A session-end event is now emitted by BrowserWindow instances when the
  OS session is ending. #9254