This is a security release, with the bonus of having some feature and bug fixes as well. It's recommended that you upgrade as soon as possible, since this flaw has been published and could possible be being exploited as we speak.
Thanks to Beenu Arora and 0x6a616d6573 for testing and pointing out the flaws.
Below is the full list of changes. Enjoy!
Version 1.6.7 - Teremba Bay
- #3999 Upload a file with apostrophe make problem
- #4137 small text typo in admin/login.php
- #4192 Extra Page Attribute's are listed in the wrong order
- #4208 Don't show inactive template in the page 404
- #4431 UDT names not validated when being edited
- Improvements to XML module generation
- Fixes to prevent possible remote file inclusion vulnerabilities
- Minor improvements to the News module
- New version of TinyMCE
- Improvements to File Manager and Image Manager
- Improvements to Module Manager; upgrade now possible from the "Available Upgrades"-tab
- Adsense-plugin modified, to accept the ad_slot parameter