This update fixes a security issue related to cross site scripting (XSS) in the ezoption datatype.ezoption datatype was missing wash() operators on output, so if your site uses this datatype then you are at risk of allowing XSS attacks.
Patch:
https://github.com/ezsystems/ezpublish/commit/2444b4a70f23d6873cd8dd70474cfe7a411cfd19
A Security Update with the reference EZPSA-2011-002 is available for eZ Publish Enterprise customers.