Hello, A security hole allowing for arbitrary code execution has been discovered in the Snoopy class: http://www.sec-consult.com/216.html Gregarius installations whose Administration area aren't password-protected (e.g. where anyone can subscribe to feeds) are affected by this bug. I'll analyze this issue ASAP and consider whether a new release is necessary. In the meantime, please make sure that your Gregarius admin area is password protected, if your installation is publicly accessible from the web. I've created ticket #241 http://svn.gregarius.net/trac/ticket/241 to track this issue. -m