The good folks at the Habari Project have made a point release of Habari, bringing it up to version 0.6.3.
Point releases are generally reserved for security related issues. Other issues may also be fixed, but generally they would have to be major or minor enough to include without changing Habari's behavior.
This release has several security fixes. First, it closes a hole by which an authorized user could manually fiddle with the urls while logged in and gain access to another user's user information page. The release also polishes up the access control list system by bringing the undelete plugin into its fold, so users can't accidently permanently delete posts that other users have written, and better integrates the core dashboard modules plugin with the ACL system.
A non-security feature in this release is a work- around for a bug in PHP 5.2.10 which prevented cURL from working properly. This version of PHP had a couple of issues with its handling of cURL ( see, for example, http://bugs.php.net/bug.php?id=48518 and http://bugs.php.net/bug.php?id=48733). Since ISPs are starting to move to this version of PHP, and Ubuntu's Karmic Koala is shipping with PHP 5.2.10, it was thought advisable to include a fix for this in Habari, so users wouldn't have to be concerned about what version of PHP they were using.
If your site is running Habari 0.6.2, the update will be seamless. Earlier versions should also have no problems, so head over to Habari's release post, download the update, backup your data, and get on the freshest stable version of Habari!