This release fixes a Remote File Inclusion vulnerability on servers where register_globals is enabled (which is discouraged, by the way). If you are affected, you are strongly encouraged to download and install the following patch:
If not already done, update to CMSimple_XH 1.6.1 first. Then upload the contents of the patch pakage to your website.