Unfortunately, it turns out that our fix for one of the security advisories issued on Monday was not complete.
Fortunately, the incomplete fix is for the non-critical vulnerability. The worst case is that an attacker could consume excessive CPU time.
Nevertheless, we've issued a new advisory and pushed a new release:
Sorry for the rapid repeated releases, but we don't like sitting on security bugs.