- As "dr.wh0" pointed out, the category field for link submissions was not filtered at all. Although you probably can't cause too much harm with those 32 characters, this has now been fixed.
- Vincent Furia found that the restrictions for the form to email users could be circumvented and could even be used to spam users.
On 1.3.8-1sr3, there is now also a speed limit when sending emails to users.
- There was a way to post comments anonymously even when posting for anonymous users had been disabled.
- It was possible to post comments under someone else's username.
* sigh * Comment posting was so secure now that it didn't let you post any comments at all. The problem has been fixed and the tarballs have been updated. Please replace comment.php (if you've downloaded the full tarball, you only need the upgrade tarball now). Sorry about that.