This release fixes a Remote File Inclusion vulnerability on servers where register_globals is enabled (which is discouraged, by the way). If you are affected, you are strongly encouraged to download and install the following patch.
If not already done, update to CMSimple_XH 1.5.10 first. Then upload the contents of the patch pakage to your website.