diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7afaaffae5..914bde051c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@ You should also include the user name that made the change.
 -->
+## 13.3.3 (2023/02/04)
+
+### Bugfixes
+- Server: improve security
+
 ## 13.3.2 (2023/02/04)
 ### Improvements
diff --git a/locales/zh-CN.yml b/locales/zh-CN.yml
index 295fc6e349..bc29aba0a0 100644
--- a/locales/zh-CN.yml
+++ b/locales/zh-CN.yml
@@ -1023,17 +1023,23 @@ _achievements:
 title: "定期联系Ⅲ"
 description: "总登录天数400天"
 _login500:
+ title: "老熟人Ⅰ"
 description: "总登录天数500天"
 flavor: "诸君,我喜欢贴文"
 _login600:
+ title: "老熟人Ⅱ"
 description: "总登录天数600天"
 _login700:
+ title: "老熟人Ⅲ"
 description: "总登录天数700天"
 _login800:
+ title: "帖子大师Ⅰ"
 description: "总登录天数800天"
 _login900:
+ title: "帖子大师Ⅱ"
 description: "总登录天数900天"
 _login1000:
+ title: "帖子大师Ⅲ"
 description: "总登录天数1000天"
 flavor: "感谢您使用Misskey!"
 _noteClipped1:
@@ -1086,6 +1092,7 @@ _achievements:
 title: "信号塔"
 description: "拥有超过500名关注者"
 _followers1000:
+ title: "大影响家"
 description: "拥有超过1000名关注者"
 _collectAchievements30:
 title: "成就收藏家"
diff --git a/package.json b/package.json
index 236d02eb3c..7609cce8d4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "misskey",
- "version": "13.3.2",
+ "version": "13.3.3",
 "codename": "nasubi",
 "repository": {
 "type": "git",
diff --git a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
index 061e371d65..bcd793ac43 100644
--- a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
@@ -95,14 +95,14 @@ export default class extends Endpoint {
 try {
 if (ps.tag) {
- if (!safeForSql(ps.tag)) throw 'Injection';
+ if (!safeForSql(normalizeForSearch(ps.tag))) throw 'Injection';
 query.andWhere(`'{"${normalizeForSearch(ps.tag)}"}' <@ note.tags`);
 } else {
 query.andWhere(new Brackets(qb => {
 for (const tags of ps.query!) {
 qb.orWhere(new Brackets(qb => {
 for (const tag of tags) {
- if (!safeForSql(tag)) throw 'Injection';
+ if (!safeForSql(normalizeForSearch(tag))) throw 'Injection';
 qb.andWhere(`'{"${normalizeForSearch(tag)}"}' <@ note.tags`);
 }
 }));