A minor, but annoying CSRF vulnerability has been fixed. It allowed an attack on /!logout function through image tags. Such as below:
Of course, now it is safe.
Updating the engine and the templates is recommended.
The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.