This afternoon we were notified of a security issue with the Fuel Core. We located and fixed a security issue immediately.
This issue had to do with the URI not being properly sanitized, which caused a security issue in certain situations.
We strive to make Fuel as secure as possible, and feel horrible that this bug got through our testing process. We are taking steps to ensure that something like this never pops up again. However, if it does, do not hesitate to email us at email@fuelphp.com.
We have released RC2.1 and suggest that you upgrade immediately.
You can also download just the Core v1.0-rc2.1 here:
You can view the Changelog, however this is the only thing that has changed in this release.