CMSimple_XH 1.7.1 fixes two vulnerabilities, namely that the CSRF tokens have not been cryptographically secure, and a potential information leakage in newsboxes. Furthermore, a lot of mostly minor bugs have been fixed, and updates to Pagemanager_XH 3.1 and Fa_XH 1.2 have been made.
See the changelog for details.
As usual you have the following options:
SHA-256 hash: 110D4D25298810C9FB7095CA1A1BA04067AA9C9F7C95FF2E4376262E96C67658
CMSimple_XH-1.7.1-update-from-1.7.0.zip
SHA-256 hash: A3447DECF765EB576544756BBBDFE0A1B4ED4B9B95D5515B657E6207B0E10A82
Enjoy!