I'm highly dissatisfied with this update, because I already know a lot of people will just keep their custom version of the default template, ignoring the security problem.
Just to be clear: despite not having fixed the problem Daniele has found, version 2.3b truly fixes some other serious problems.
I published it knowing a lot of people have such a configuration that will ignore the fix, keeping the problem.
This truly annoys me but I couldn't work enough to get a better solution.
I still want to help spread the cure, so I want to publish a revision soon that will inject the solution inside customized templates.
This could potentially break some customizations, but... better safe than sorry.