* Fixed guest posts sometimes being displayed more than once in topic view.
* Fixed BBCode validator not allowing certain code tag combinations.
* Fixed install e-mail check in install script not corresponding to check in
  email.php.
* Reworded database name description in install script.
* Fixed error when supplying install script with non-existant database layer.
* Fixed supplying post script with both a forum ID and a topic ID leading to
  the subject textbox being displayed even though it wasn't used.
* Fixed users sometimes being assigned the wrong rank.
* Fixed any directory in lang/ being considered a valid language pack.
* Fixed username dupe check not working properly in PostgreSQL.
* Added protection to prevent administrators from deleting or demoting all
  administrators of a board.
* Fixed language and style drop-downs not always being sorted properly.
* Fixed registered users being able to send "form e-mail" to the guest
  account.
* Fixed profile showing the language for the current user when viewing the
  profile of another user.
* Fixed username "Guest" or user ID 1 (via GET) being accepted when adding a
  ban.
* Forced template includes into folder /include/user/ to prevent potential
  code inclusion vulnerability.
* Prevented search from allowing particularly server intensive searches
  (misuse of wildcards).
* Added direct execution prevention to quickjump cache.
* Lowered PunBB's error reporting level to E_ALL ^ E_NOTICE to ease
  integration with applications that do not support E_ALL.
* Fixed various SQL injection vulnerabilities in the admin interface (only
  exploitable by admins and mods).
* Added HTML escaping of the redirect URL.
* Added HTML escaping of the missing language pack error message.
* Fixed extern.php not using cached config.
* Fixed certain BBCode combinations resulting in garbled output.
* Fixed words containing the characters of BBCode's not being properly added
  to the search index.
* Removed remark in install script instructions regarding spaces after the
  closing PHP tag which didn't make sense since config.php does not contain a
  closing PHP tag.
* Fixed SQL injection vulnerability in profile (only exploitable when
  register_globals is on).