Fixed an XSS vulnerability in Security Library method xss_clean().
Fixed a possible file inclusion vulnerability in Loader Library
method vars().
Fixed a possible remote code execution vulnerability in the Email
Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane
from NamePros).
Added protection against timing side-channel attacks in Security
Library method csrf_verify().
Added protection against BREACH attacks targeting the CSRF token
field generated by Form Helper function form_open().