Ben just sent this to the mailing list and has asked me to post a copy to the forums:

Dear Spring Community

A potentially serious bug has been identified in existing releases of Acegi Security (http://opensource.atlassian.com/proj.../browse/SEC-20). New and supported releases (0.7.1 and 0.8.3) are now available that correct this issue. We urge all users to upgrade as soon as possible:

* Users of CVS HEAD should rebuild from the current CVS HEAD
* Users of releases 0.8.0, 0.8.1 or 0.8.2 should upgrade to release 0.8.3
* Users of release 0.7.0 should upgrade to release 0.7.1, or preferably release 0.8.3
* Users of releases prior to 0.7.0 should upgrade to 0.7.1, or preferably release 0.8.3

You can download these releases directly from https://sourceforge.net/project/show...roup_id=104215.

If anyone has any questions, please email the acegisecuity-developer mailing list.

Cheers
Ben