diff --git a/CHANGELOG.md b/CHANGELOG.md
index 636fe4278b..e3038ff6dc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,41 @@
+#### v2.4.3 (2022-08-18)
+
+##### Chores
+
+*  incrementing version number - v2.4.2 (3aa7b855)
+*  update changelog for v2.4.2 (ba7a3466)
+*  incrementing version number - v2.4.1 (60cbd148)
+*  incrementing version number - v2.4.0 (4834cde3)
+*  incrementing version number - v2.3.1 (d2425942)
+*  incrementing version number - v2.3.0 (046ea120)
+
+##### Bug Fixes
+
+*  #10845, disallow inline viewing of uploaded html files (4dc7fa05)
+
+#### v2.4.2 (2022-08-17)
+
+##### Chores
+
+*  incrementing version number - v2.4.1 (60cbd148)
+*  update changelog for v2.4.1 (4b6baabb)
+*  incrementing version number - v2.4.0 (4834cde3)
+*  incrementing version number - v2.3.1 (d2425942)
+*  incrementing version number - v2.3.0 (046ea120)
+
+##### Documentation Changes
+
+*  explain what export routes actually do in OpenAPI documentation (#10836) (72e7b9f7)
+
+##### Bug Fixes
+
+*  #10841, incorrect conditional in email interstitial partial (ec048a01)
+*  don't crash if post is undefined (4a3e36a7)
+
+##### Tests
+
+*  passport0.6 (#10638) (6b2a6f90)
+
 #### v2.4.1 (2022-08-14)
 
 ##### Chores
diff --git a/install/package.json b/install/package.json
index c7248c007b..f49aebd84f 100644
--- a/install/package.json
+++ b/install/package.json
@@ -2,7 +2,7 @@
     "name": "nodebb",
     "license": "GPL-3.0",
     "description": "NodeBB Forum",
-    "version": "2.4.1",
+    "version": "2.4.3",
     "homepage": "http://www.nodebb.org",
     "repository": {
         "type": "git",
diff --git a/src/middleware/index.js b/src/middleware/index.js
index d0d3ed346f..96bd3da398 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -214,12 +214,13 @@ middleware.buildSkinAsset = helpers.try(async (req, res, next) => {
 	res.status(200).type('text/css').send(css);
 });
 
-middleware.trimUploadTimestamps = function trimUploadTimestamps(req, res, next) {
-	// Check match
+middleware.addUploadHeaders = function addUploadHeaders(req, res, next) {
+	// Trim uploaded files' timestamps when downloading + force download if html
 	let basename = path.basename(req.path);
+	const extname = path.extname(req.path);
 	if (req.path.startsWith('/uploads/files/') && middleware.regexes.timestampedUpload.test(basename)) {
 		basename = basename.slice(14);
-		res.header('Content-Disposition', `inline; filename="${basename}"`);
+		res.header('Content-Disposition', `${extname.startsWith('.htm') ? 'attachment' : 'inline'}; filename="${basename}"`);
 	}
 
 	next();
diff --git a/src/routes/index.js b/src/routes/index.js
index 557380315d..03b5c7fdfb 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -182,7 +182,7 @@ function addCoreRoutes(app, router, middleware, mounts) {
 	}
 
 	statics.forEach((obj) => {
-		app.use(relativePath + obj.route, middleware.trimUploadTimestamps, express.static(obj.path, staticOptions));
+		app.use(relativePath + obj.route, middleware.addUploadHeaders, express.static(obj.path, staticOptions));
 	});
 	app.use(`${relativePath}/uploads`, (req, res) => {
 		res.redirect(`${relativePath}/assets/uploads${req.path}?${meta.config['cache-buster']}`);
diff --git a/src/views/partials/email_update.tpl b/src/views/partials/email_update.tpl
index bdf70d6ac0..5e2d77f183 100644
--- a/src/views/partials/email_update.tpl
+++ b/src/views/partials/email_update.tpl
@@ -11,7 +11,7 @@
 		<p class="help-block">[[user:emailUpdate.change-instructions]]</p>
 	</div>
 
-	{{{ if update }}}
+	{{{ if issuePasswordChallenge }}}
 	<div class="form-group">
 		<label for="password">[[register:password]]</label>
 		<input class="form-control" type="password" id="password" name="password" />