The gremlins are having a whale of a time it seems. I have been alerted that the current code to control any malicious javascript is not working. I have performed a few tests, and have found this to be true. The cause of this failure has been isolated, and I have updated the full/upgrade packages.
Existing users are strongly advised to download the file 401 Security Update. This pack also includes the recent user name check in both the registration and update profile routines. Thanks to Grindordie for the heads up! More Late last night I was informed about a potential exploit in registration.php, this time via the location/web url input. This has been fixed and added to this pack.
Finally, since a few users have reported their site does not work after updating, I have merged this update with the previous patch as described in This News item.
