A security issue has been discovered in Q2A (affecting all versions) so we're releasing a new version, 1.7.5. Big thanks to 'l3m0n' who reported the issue. I've informed Gideon, who should prepare a download and update the website soon. UPDATE: v1.7.5 now available here.
In the meantime, the quickest and simplest fix is to replace the file qa-include/qa-install.php in your site with this one from the Q2A Github repository. I recommend all site owners do this asap. (Alternatively you could delete the file as it's not required after you've installed Q2A.)
The fix has also been pushed to the master and dev branches on Github so you can download the latest code from there if you like. This also includes some other minor bug fixes that were in the dev branch and due to be part of 1.8, but they will be in 1.7.5 instead:
- Use site language for reCAPTCHA.
- Add site language to HTML tag.
- Change from / reply-to for feedback form.
- Fix missing icon on private messages in SnowFlat theme.
- Fix users being unable to see all their own profile fields.
- Minor validation fixes.