Ok I found this
VERSION UPDATE: 6.02
Minor update with bug fixes reported to date resolved.
The quick reply box for vBEnhanced users has returned in this update.
Security Note: A hard check for .php, .pl and .cgi file extensions is filenames is not being done to reject files with these extensions embedded anywhere in the filename. While PhotoPost does not allow periods in filenames, these are converted to underscores, we believe that any file with a script extensions should be outright rejected in the event someone is trying to upload malicious data to your server.
Updated files since 6.01 release:
You do not need to run the upgrade script for this update; you only need update the changed files.
so does this mean that uploading all the files is enough, I dont need to do anything else?