If you're running Habari 0.6.4 or earlier, I encourage you to update to the recently released Habari 0.6.5 to resolve a minor security issue.

To quote the release post:

A very minor security-related issue was discovered this week that allowed an attacker to reset the password of any user_id he was able to guess, triggering a reset email to the affected user. While we're unaware of any instances of this occurring in the wild and at no time was the attacker able to obtain the user's password, we've made a simple fix and packaged up the 0.6.5 release.

All users of the 0.6.4 release are encouraged to upgrade immediately to avoid this inconvenience.

You can download a zip file or check out the tag directly from Subversion.

This is more of an inconvenience than a security issue, but it's important none-the-less.