Typo 5.0.4 beta 2 is out, fixes a critical security vulnerability

Michael Morin has discovered a critical vulnerability in Typo prior to release 5.0.4.98.1 which may lead to arbitrary code execution and privilege escalation on Typo blogs. Even though 5.0.4b1 was released yesterday, this vulnerability is critical enough to make us release 5.0.4b2 today.

This release also fixes a bunch of bugs such as:

  • Missing dependencies in the installer.
  • Bad naming of articles.rss and articles.atom.
  • Bad display of unordered lists in the new default theme.

You can download this new version from Rubyforge, or just install the gem.[…]

Published on Mon, 30 Jun 2008 21:44
