Merge pull request from GHSA-6324-52pr-h4p5

* Bump version

* Fix GHSA-6324-52pr-h4p5

* Fix GHSA-6324-52pr-h4p5

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Zeegaan <nge@umbraco.dk>

src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs

@@ -266,7 +266,12 @@ public string ExportPackage(PackageDefinition definition)
                     definition.Name.Replace(' ', '_')));
             Directory.CreateDirectory(directoryName);
 
+            var expectedRoot = _hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath);
             var finalPackagePath = Path.Combine(directoryName, fileName);
+            if (finalPackagePath.StartsWith(expectedRoot) == false)
+            {
+                throw new IOException("Invalid path due to the package name");
+            }
 
             // Clean existing files
             foreach (var packagePath in new[] { definition.PackagePath, finalPackagePath })