* Fixed potential e-mail header injection in e-mail form affecting
  installations running on PHP 4.2.2 or earlier.
* Fixed various SQL injection vulnerabilities in admin scripts.
* Fixed authentication bypass vulnerability in cookie password hash
  checking.
* Fixed "Mark all topics as read" not showing up on some search pages.
* Fixed unverified users not being displayed in user list.
* Fixed subscriptions not being properly disabled when turned off in
  admin/options.
* Fixed lazy referrer check in admin/options sometimes resulting in an
  undefined index notice.