Topic: Plupload 1.5.4
Security fix: Disable scripting on swf loaded from another domain
We used to do: Security.allowDomain("*"); in Flash, so that it was possible for example to load swf from CDN and still script it. But recently we were told that this was quite a bad idea and could open doors for CSRF attack (thanks to Neal Poole and Nathan Partlan). We are commenting this line out now, but still leaving it in there, so that you could uncomment it and recompile if required. Change is small, but quite dramatic, however you should not worry if you never loaded swf shim from another domain. Otherwise be warned. Upgrade is recommended!
Flash: Disable scripting if swf was loaded from another domain.