A Release Candidate 3 has just been released (see s9y.org - Downloads, that fixes a couple of reported PHP error notices (in Spartacus, for template configurations). Also the error reporting itself has been reworked a bit to be less verbose. This version also addresses enhanced escaping for stored cookie values of the media database, which we have received a (not very clear) report of. This only affected logged-in users of the backend, so the impact should be minimal.
Please report any issues you find with RC3 as usual on the s9y forums; if you want to address any security issues, please contact security (at) s9y . org. We take all reports seriously, and are very thankful for anyone reporting issues to us. We are a small team, so any help from the outside is really appreciated (and needed) by us. Thanks!