Alan Knowles has this new post from his blog with a bit of information about the updates made to the HTML_Template_Flexy PEAR package that he's finally gotten around to making.

After seeing quite a few "fixed XSS problem" cvs commits on the mailing lists, I finally remembered that a release of Flexy was overdue. The thought, "that would not have happened if they had used flexy" came to mind a bit too often.. Flexy is designed to be safe by default (like a firewall where you have to try hard to open ports)

HTML_Template_Flexy has not had much added to it in the last 6 months, probably as it just 'works', tries not to get in your way, or do to much.. But there have been a few bugs left over from the last release in January, along with a few tiny feature requests. So I finally got round to tidying up a release.

He notes that there's "nothing mind shattering in this release", but that there are more manual pages now with entries for 'flexy:nameuses' and 'flexy:tojavascript jsvar="phpvar"'. There are a few other smaller issues he mentions, but overall, the release is mainly a bugfix...