Secunia Research contacted us a few days ago about two potential security issues. We have been working to reproduce and fix the issues, while they have held off making them public.
While I won't go into too much detail, I will say that one involves being able to upload a malicious file. It requires an odd set of preferences and a missing file to allow it to happen though, so the threat is pretty low in our opinion. The other was a js code injection. The user was able to inject some js code that would run if an admin edited the users post. This was only open if the site had the 'personal content manager' option enabled in the content plugin.
Both have now been fixed...thanks again to Secunia for pointing them out to us.
Of course, the release also includes all other bug fixes that have been committed since the last release.
All product names mentioned herein are the trademarks of their respective owners. In addition, images, logos, pictures or other material may be trademarks or registered trademarks of their respective owners. Emote images by seb, released under the GPL license. With the kind support of Corllete Lab Studio. Forum Icons by Axialis Team.