From Habari Project
The 0.9.2 release provides security and bug fixes, and enhancements for the 0.9 series. All users are encouraged to upgrade. If you need a complete list of changes in 0.9.2, you can view a diff of 0.9.2 against 0.9.1 on GitHub.
Important notice: Habari now requires PHP 5.4, starting with this release. Please make sure you are running at least PHP 5.4. Keep in mind that there are even newer versions available and you should upgrade for security reasons if you have the possibility.
- Deny access to unpublished posts for anonymous users by default. Otherwise everyone can access unpublished posts by adding a parameter to the URL if the post's slug is known #562
- Fix a bug where authenticated users were able to delete and modify any user by modifying POST data  and 
- Fix a problem with blocks #546
- Update for latest Flickr API 
- Fix a problem with the menus plugin where blocks were not deleted when a menu was deleted. #526
- Correctly show which silo is selected when multiple silos are available #483
- Stop Flickr silo from breaking when image has no title #484
- Fix a problem where cron jobs run endlessly instead of being deactivated on SQLite #593 and #597
- Fix installing themes that require plugins #591
Upgrading should be safe and possible without further work. Still, as with any change to a production system, you should backup your database and files.
As with any piece of software issues and enhancement requests remain. For full details see Habari's Issue tracker on GitHub.