phpWebSite

Update Security - Patch - Security update for phpwebsite 1.4.0

christian - Wed 02 Jan, 2008 21:47
Title: Security update for phpwebsite 1.4.0
Important security update for phpwebsite 1.4.0

Search module

Base module

Please be sure to install it.


Original info:
I love getting security warnings. It means people are watching out for us.

I received an XSS warning from Audun Larsen (much thanks!) concerning the Search module. The fix is available via Boost. While there you will want to download the new Base/Core update as well. It has some fixes to DBPager to assist the Search bug.

I don't think the bug is extremely serious. The XSS code is cleaned out before it hits the database. That said, I don't want someone to prove me wrong. Go ahead and update.

The Base/Core update also has some fixes for the makeThumbnail function that was breaking PhotoAlbum (thanks Verdon).

The warning (besides the security one) is that the new code does not work with versions of php under 4.4.0. If you are still running a version under 4.4.0 you will need to edit some files.

Open core/class/DBPager.php and mod/search/class/Search.php. Search for "\pL" and delete it. This is a regular expression modifier to allow foreign and accented characters. If you are running an English site, then no problem. If you are not, then you will need to upgrade to 4.4.0 or above or your umlauts may cause problems.

I hope everyone had a happy and safe holiday.

* Update - Calendar was just updated as well.
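
An added example, not part of the original post and not phpWebSite's own code: it shows what the "\pL" workaround described above trades away, by running an allow-list filter on a search phrase with and without the Unicode letter class, and escaping the result at output time. The function names, the pattern and the sample input are assumptions made for illustration, and the code is written for current PHP rather than PHP 4.

```php
<?php
// Added illustration; not phpWebSite code. Function names are hypothetical.

/**
 * Allow-list filter for a search phrase: keep letters, digits and spaces.
 * $unicode = true  uses \pL / \pN (any Unicode letter or number).
 * $unicode = false is the ASCII-only form that remains once "\pL" is deleted.
 */
function clean_search_phrase(string $raw, bool $unicode = true): string
{
    $pattern = $unicode ? '/[^\pL\pN ]+/u' : '/[^a-zA-Z0-9 ]+/';
    $clean = preg_replace($pattern, ' ', $raw);
    if ($clean === null) {
        // preg_replace() returns null on error, e.g. invalid UTF-8 with /u.
        return '';
    }
    // Collapse the gaps left where disallowed characters were removed.
    return trim(preg_replace('/ {2,}/', ' ', $clean));
}

/**
 * Escape when the phrase is written back into the page. The input filter
 * is one barrier; output encoding is the one that must always be present.
 */
function render_search_heading(string $phrase): string
{
    $safe = htmlspecialchars($phrase, ENT_QUOTES, 'UTF-8');
    return '<h2>Results for "' . $safe . '"</h2>';
}

// Constructed sample input: one phrase with umlauts, one carrying markup.
$samples = [
    'Müller Straße',
    '<script>alert(1)</script> news',
];

foreach ($samples as $raw) {
    foreach ([true, false] as $unicode) {
        $phrase = clean_search_phrase($raw, $unicode);
        printf("%-8s %s\n", $unicode ? 'unicode' : 'ascii',
               render_search_heading($phrase));
    }
}
```

In both modes the markup characters are removed before the phrase is used; the ASCII-only mode additionally breaks words containing umlauts or ß into fragments, which is the problem the post warns non-English sites about.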
