For Michael P:
We recently upgraded to 5.02.
When we ran across: http://secunia.com/advisories/14576/
we didn't pay it much mind as those issues appear to be fixed based on the release notes for 5.01 and/or 5.02.
Number 2 in the list however, appears to still be an issue on our site.
The release notes have:
added a user check to only allow registered users to submit a report photo
for 5.01 but that doesn't appear to be the case for 5.02. Using the example provided, I can still generate emails without being authenticated.
Not really a big issue per se about the email but it does raise the question about the aforementioned holes and whether or not 5.02 may have inadvertently reintroduced some of them.
Can you confirm that the issues 1 - 5 mentioned on Secunia have been dealt with as of 5.02?