A new maintenance release which fixes one potential XSS vulnerability in comments's list and enforce media extension before upload[1] (thanks to Tim Coen, Curesec Gmbh, for reporting them) and two other bugfixes.

Your dashboard should also offer you to upgrade your installation today or tomorrow (depending on your settings). There's also a patch for the developers who prefer this method.

Note

[1] You may also create an .htaccess file at the root of your public folder, with an php_flag engine Off directive to prevent any PHP code execution from your media library.