the last update in the 0.9.x series has been released only a few weeks ago, and now it’s already time for another one. Besides various bugfixes (among those, Phonon notifications play sound again!), and a bunch of new and improved translations, the main reason for this one is, unfortunately, another vulnerability: with a carefully manipulated client, you can retrieve the backlog of other users on the quasselcore you’re using. Proper authentication is still needed, so this will only affect people who allow untrusted and malicious users on their shared core. Still, an upgrade is highly recommended.
If you happen to be a distro packager, please be advised to backport (i.e. simply apply) this and, if you haven’t done so yet since the release of 0.9.1, this patch to your packages, if you can’t bump them to 0.9.2 for release process reasons.
Well, here’s hoping that next time we won’t have that sense of urgency again :)
Have a nice day, and happy updating,