I've already written about this to mailing lists but good to post here also.
I've said multiple times that there won't be more 2.12.x stable releases. And the reasons were good, like not having the VS2003 compiler anymore.
But due to the DLL injection vulnerability we have no other change than make a new release. Otherwise we'd leave lots of users vulnerable. And WinMerge is even listed as vulnerable application by Secunia.
But this means that next 2.12.x stable release is much more than just fix for that vulnerability. There will be compiler and runtime update to VS 2008, translation updates, couple of new translations, some bug fixes etc. This is way more than we have used to have in "late" bug fix releases and I'm not really happy to do this - more changes means bigger risk of something breaking also.
Since we are going to add more changes now, I'm also interested in fixing some bugs we have fixed in trunk meanwhile. So if you want some fix to appear in next stable release also, please comment on the bug/patch item, and preferably also here so I don't miss it. Fix must still be low risk fix and I'm not considering any complex rewrites or refactorings to stable release. But if we can make stable release a bit more stable and better release then we should do it.
Because there will be so many changes I probably will be releasing a new beta release from the stable branch before actual stable release. To get some more public testing. I hope we can make the stable release to happen within few weeks.