We've fixed an issue that could lead to a XSS in special circumstances
on development machines. On my machine it wasn't reproducible, on the
machine of the developer it was. It depend on some PHP.ini settings
regarding the output of messages.
Further on we had to change the schema of the database to fix an
incompatibility with Oracle.