Security Issue

We've found and fixed (we think) a security hole in DWR. It's an XSS attack.
The release candidate for 2.0.5 is here: https://dwr.dev.java.net/servlets/ProjectDocumentList?folderID=9420

I'm hoping to release it by the end of the week.
It would be very helpful if people could throw this jar file into their web-apps to see if anything breaks.

Thanks,

Joe.