Last night I discovered an important security hole in DaDaBIK, so I decided to immediately release version 4.3 beta2 with the sole purpose of partially fixing it. All the other bug fixes and new features are waiting for version 4.3 rc1, available in 1 or 2 weeks as expected.
Among other problems, this could lead to an XSS attack (http://en.wikipedia.org/wiki/Cross-site_scripting), which in turn could allow unauthorized access to the application (http://en.wikipedia.org/wiki/Session_hijacking) and, if the user's Internet browser contained security holes, even the execution of arbitrary code on the client machine.
The new 4.3 beta2 solves this problem. Even the DaDaBIK demo was affected and exploited by a malicious user; now it has been patched.
The problems described above can however occur even when the insert or edit feature was enabled (at least for one table) and the HTML content type is used; at the moment there isn't a patch for this second scenario, so the HTML content type should be used very carefully, as highlighted in the upgraded documentation. In the next few days, I would like to use something like http://htmlpurifier.org to allow users to insert HTML text without security problems.
The 4.3 beta2 also fixes another minor GUI bug, as you can read from the changelog.