A security vulnerability in Joomla! has been reported to the JSST (Joomla! Security Strike Team).
There is a proposed patch and a test download available to the community.
The test zip package is a full Joomla! release and is available here: http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=5459.
For those of you who would prefer to test just a patch, it is available here: http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767.
Our plan is to give the community a short time window to test the proposed solution. We have tested to make sure it fixes the vulnerability, but of course there is always a chance (small, we hope) that it could break something else. Assuming that the test feedback is good, we will plan to release version 1.5.21 as soon as humanly possible.
Thanks for your help and your understanding.