We've just released a security patch for YOURLS, so everyone is advised to update when possible.
We've hardened security. All prior versions of YOURLS, up to 1.7.3, can be abused in a way that allows a script kiddy malicious user to use your API by forging a valid timestamp, and add unwanted links to your shortener.
How to update?
Same and as painless as usual: download the archive and overwrite all existing files. While you’re at it, backup your database, and tell your friends and family to update too!