A very minor update (1.0.2c) was released today to fix a feature we inadvertently broke with our recent security fix. Wildcards (* and ?) were no longer being accepted in new user-submitted whitelist and blacklist entries (see #558); pre-existing entries containing wildcards were unaffected, only attempts to add new entries containing wildcards were being rejected.
The fix is equally small: a one-line edit (see ).
Thanks to Jan Arve Nygård for spotting this! :)
A recent code audit revealed a cross-site scripting vulnerability in several of the PHP scripts included in versions up to and including 1.0.2a (see #557 for details), and these have been fixed in the 1.0.2b release, which is strongly recommended for all installations that are currently running any of the affected versions. The pre-release 1.0.3 (SVN) is unaffected by this vulnerability.