The glFusion team is releasing glFusion v1.0.2 which addresses several Remote File Inclusion (RFI) vulnerabilities we have discovered. These vulnerabilities could allow properly crafted URLs to load files onto your web server and potentially overwrite existing files. The vulnerability only affects users who host on a Windows platform and have register_globals set to on, but we recommend all glFusion users upgrade to the latest production release as we've also included all the fixes from the Known Issues list. Now is probably a good time to remind everyone that there are several steps you can take to help secure your glFusion site. Please read the glFusion Hardening Guide for some good tips.
As usual, we are providing both a full release archive (in ZIP and TAR.GZ formats) and a delta archive that only contains the files that changed from v1.0.1. Upgrading is very simple and straight forward, simply copy the new files over the existing files on your server. There is no need to run any update utilities since there are no database changes.