We were notified about possible SQL injection and applied a patch.
Please note that we don't have any clear evidence of successful attacks and the issue is potentially only related to sh404sef component used together with the bridge.
We were not able to reproduce the issue with the current version, but anyway, it's better to upgrade.
Read full article...