It has come to my attention, thanks to forum user neroz, that there is a small XSS vulnerability in Ditto 2.0.2. Although 2.1 is nearly ready, I will be away for the next 10 days or so and do not wish to release something I will not be able to support. Therefore, I’ve created a patched version of Ditto 2.0.2, which has now been
released as 2.0.3. If your site makes extensive use of javascript or cookies, it would be wise to update your Ditto install. Otherwise, stay tuned for Ditto 2.1 in the near future!
To find out more about the dangers of XSS check out
http://www.cgisecurity.com/articles/xss-faq.shtml.
Note: The results per page addon has been patched as well. You can get it from the
repository.
