Prevent mass assignment vulnerability

github-actions released this 12 Jan 07:24

Security update for CVE-2026-22814.

This release fixes a mass assignment vulnerability in Lucid that could allow user input to override internal ORM state properties.

The issue was caused by relying on hasOwnProperty checks during model assignments, which unintentionally allowed setting internal properties like $attributes, $original, or $isPersisted when passing untrusted input to methods such as fill, merge, or create.

Applications that already properly validate and whitelist input data before passing it to Lucid models are not affected.
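
The pattern described above, next to a hardened assignment and the application-side allowlist the last paragraph refers to. This is an added example, not Lucid's code and not the actual patch: `ToyModel`, `fillUnsafe`, `fillSafe`, `pick` and the request body are hypothetical names and constructed data, and only the `$attributes`, `$original` and `$isPersisted` property names come from the release notes.

```javascript
// Simplified stand-in for an ORM model; NOT Lucid's implementation.
class ToyModel {
  // Assumption for this example: the model declares its assignable columns.
  static columns = new Set(['email', 'fullName'])

  constructor() {
    this.$attributes = {}      // internal state: current column values
    this.$original = {}        // internal state: values as last persisted
    this.$isPersisted = false  // internal state: row exists in the database
    this.email = undefined
    this.fullName = undefined
  }

  // Pattern named in the release notes: every own property of the instance
  // passes the check, and the internal $-prefixed state is an own property.
  fillUnsafe(values) {
    for (const key of Object.keys(values)) {
      if (Object.prototype.hasOwnProperty.call(this, key)) this[key] = values[key]
    }
    return this
  }

  // Hardened variant: only declared columns are assignable.
  fillSafe(values) {
    for (const key of Object.keys(values)) {
      if (ToyModel.columns.has(key)) this[key] = values[key]
    }
    return this
  }
}

// Application-side defence: copy only allowlisted keys out of untrusted input
// before the data reaches the model at all.
function pick(input, allowed) {
  const out = {}
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(input, key)) out[key] = input[key]
  }
  return out
}

// Constructed request body that includes internal property names.
const body = { email: 'a@example.test', $isPersisted: true, $original: { email: 'x' } }

const unsafe = new ToyModel().fillUnsafe(body) // internal state overwritten
const safe = new ToyModel().fillSafe(body)     // internal state untouched
const picked = pick(body, ['email', 'fullName'])
console.log(unsafe.$isPersisted, safe.$isPersisted, Object.keys(picked))
```

With the unsafe variant the model believes it is already persisted and carries an attacker-chosen `$original`, which is the kind of internal ORM state the release notes say could be overridden; the allowlisted copy never contains those keys.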