Hi,
these new releases protect SPIP from 2 XSS attacks.
SPIP 3.0.2 comes with additional changes:
- The plugin page can now be displayed in the RTL direction
- anonymous session files are destroyed every week
- Bug corrected: desactivation of the statistics when the HTML compressed mode is activated
- Bug corrected: an SQL error occured on the plugin search
- Bug corrected: an infinit loop could make the server crash (disk full)
- A lot of PHP notices have been cleared
- And a lot more…
Refer to the official announce[fr] for mode details.
Note that the security screen has also been upgraded to protect from the XSS attacks.
It’s important to upgrade your website (or a least to put the latest security screen version on your server)
.Gilles