diff --git a/.CHANGES.NEW b/.CHANGES.NEW
index 9433a4945..734045291 100644
--- a/.CHANGES.NEW
+++ b/.CHANGES.NEW
@@ -7,7 +7,7 @@ \___/|_| |_|_| \___|\__,_|_|\___/\_| \_| \____/\__,_| Configuration Program
- for Unreal3.2.8
+ for Unreal3.2.8.1
This program will help you to compile your IRC server, and ask you questions regarding the compile-time settings of it during the process.
diff --git a/.RELEASE.NOTES b/.RELEASE.NOTES
index cad689e06..09af2b933 100644
--- a/.RELEASE.NOTES
+++ b/.RELEASE.NOTES
@@ -1,5 +1,9 @@
-Unreal3.2.8 Release Notes
-==========================
+Unreal3.2.8.1 Release Notes
+============================
+
+==[ ABOUT 3.2.8.1 RELEASE ]==
+This Unreal3.2.8.1 release fixes a (serious) security issue regarding
+allow::options::noident. The original release notes for 3.2.8 are below.
==[ GENERAL INFORMATION ]== - If you are upgrading on *NIX, make sure you run 'make clean' and './Config'
diff --git a/Changes b/Changes
index f81b1bf20..1754ba971 100644
--- a/Changes
+++ b/Changes
@@ -1764,3 +1764,6 @@ (time jump message). - Updated credits (donations) ** 3.2.8 release **
+- Fixed (serious) security issue regarding allow::options::noident,
+ reported by meepmeep (#0003852).
+** 3.2.8.1 release **
diff --git a/Unreal.nfo b/Unreal.nfo
index 4a7a34075..d509081b4 100644
--- a/Unreal.nfo
+++ b/Unreal.nfo
@@ -1,5 +1,5 @@
===============================================
-= UnrealIRCd v3.2.8 =
+= UnrealIRCd v3.2.8.1 =
===============================================
This release was brought to you by:
diff --git a/doc/unreal32docs.de.html b/doc/unreal32docs.de.html
index 71ace41f6..f765db146 100644
--- a/doc/unreal32docs.de.html
+++ b/doc/unreal32docs.de.html
@@ -2129,7 +2129,7 @@ bekannt als Z:Line)
};

Der Ban IP Block verhindert das Verbinden von bestimmten IP Adressen her zum Server. Das gilt sowohl für Verbindungsversuche von Usern als auch von Servern.
-ban::mask ist eine IP, die Wildcards enthalten kann
+ban::mask ist eine IP, die Wildcards enthalten kann.
ban::reason ist der Grund, warum der Bann eingetragen wurde.
Da dieser Bann auch Server betreffen kann, sollte man beim Eintrag von IP Adressen sehr vorsichtig sein.

diff --git a/include/version.h b/include/version.h
index b26f04cf9..e682dfb51 100644
--- a/include/version.h
+++ b/include/version.h
@@ -46,14 +46,14 @@
* Can be useful if the above 3 versionids are insufficient for you (eg: you want to support CVS).
* This is updated automatically on the CVS server every Monday. so don't touch it.
*/
-#define UNREAL_VERSION_TIME 200908
+#define UNREAL_VERSION_TIME 200914
#define UnrealProtocol 2309
#define PATCH1 "3"
#define PATCH2 ".2"
#define PATCH3 ".8"
#define PATCH4 ""
-#define PATCH5 ""
+#define PATCH5 ".1"
#define PATCH6 ""
#define PATCH7 ""
#define PATCH8 COMPILEINFO
diff --git a/src/modules/m_user.c b/src/modules/m_user.c
index d0b9f4f1f..6c9a33a79 100644
--- a/src/modules/m_user.c
+++ b/src/modules/m_user.c
@@ -210,7 +210,8 @@ DLLFUNC CMD_FUNC(m_user)
if (USE_BAN_VERSION && MyConnect(sptr))
sendto_one(sptr, ":IRC!IRC@%s PRIVMSG %s :\1VERSION\1", me.name, sptr->name);
-
+ if (strlen(username) > USERLEN)
+ username[USERLEN] = '\0'; /* cut-off */
return( register_user(cptr, sptr, sptr->name, username, umodex, virthost,ip));
diff --git a/src/s_conf.c b/src/s_conf.c
index 8946cdeb7..4981e9ac8 100644
--- a/src/s_conf.c
+++ b/src/s_conf.c
@@ -2734,25 +2734,15 @@ int AllowClient(aClient *cptr, struct hostent *hp, char *sockhost, char *usernam
Debug((DEBUG_DNS, "a_il: %s->%s", sockhost, fullname));
if (index(aconf->hostname, '@'))
{
- /*
- * Doing strlcpy / strlcat here
- * would simply be a waste. We are
- * ALREADY sure that it is proper
- * lengths
- */
if (aconf->flags.noident)
- strcpy(uhost, username);
+ strlcpy(uhost, username, sizeof(uhost));
else
- strcpy(uhost, cptr->username);
- strcat(uhost, "@");
+ strlcpy(uhost, cptr->username, sizeof(uhost));
+ strlcat(uhost, "@", sizeof(uhost));
}
else
*uhost = '\0';
- /*
- * Same here as above
- * -Stskeeps
- */
- strncat(uhost, fullname, sizeof(uhost) - strlen(uhost));
+ strlcat(uhost, fullname, sizeof(uhost));
if (!match(aconf->hostname, uhost))
goto attach;
}
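Review bot: In the src/modules/m_user.c hunk the new clamp `username[USERLEN] = '\0'; /* cut-off */` gives no reason for the limit and writes through `username`, whose assignment lies outside this hunk. If `username` aliases the parsed USER parameter, the truncation rewrites the client's input in place, and any use of `username` earlier in m_user still sees the unclamped string; clamping at the point where `username` is first set would close that gap. A comment along the lines of `/* clamp client-supplied username to USERLEN: AllowClient() copies it into the fixed-size uhost buffer */` would record why the check must stay. Bracing the two-line `if` would also guard against a later edit detaching the assignment from its condition.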
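Review bot: The `strlcpy`/`strlcat` calls added in the first AllowClient hunk of src/s_conf.c discard their return values, so an over-long `user@host` is silently truncated and `match(aconf->hostname, uhost)` then makes the allow decision on a shortened string. Because this is an access-control check, truncation should count as a non-match, e.g. test `if (strlcat(uhost, fullname, sizeof(uhost)) >= sizeof(uhost))` and skip the entry instead of falling through to `match()`. The same applies to `strlcat(uhost, sockhost, sizeof(uhost));` ahead of `match_ip()` in the next hunk. The deleted comment asserted the lengths were already safe; a one-line replacement such as `/* username is client-supplied when noident is set: always bound the copy */` would stop a later cleanup from reintroducing `strcpy`. The enclosing loop and the declaration of `uhost` are outside the hunk.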
@@ -2763,11 +2753,11 @@ int AllowClient(aClient *cptr, struct hostent *hp, char *sockhost, char *usernam
strncpyzt(uhost, username, sizeof(uhost));
else
strncpyzt(uhost, cptr->username, sizeof(uhost));
- (void)strcat(uhost, "@");
+ (void)strlcat(uhost, "@", sizeof(uhost));
}
else
*uhost = '\0';
- (void)strncat(uhost, sockhost, sizeof(uhost) - strlen(uhost));
+ strlcat(uhost, sockhost, sizeof(uhost));
/* Check the IP */
if (match_ip(cptr->ip, uhost, aconf->ip, aconf->netmask))
goto attach;
diff --git a/src/win32/gui.c b/src/win32/gui.c
index 27b1387da..7190041a5 100644
--- a/src/win32/gui.c
+++ b/src/win32/gui.c
@@ -17,7 +17,7 @@
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-#define WIN32_VERSION BASE_VERSION PATCH1 PATCH2 PATCH3 PATCH4
+#define WIN32_VERSION BASE_VERSION PATCH1 PATCH2 PATCH3 PATCH4 PATCH5
#include "resource.h"
#include "version.h"
#include "setup.h"
diff --git a/src/win32/service.c b/src/win32/service.c
index 3ac88858f..60b24e9b7 100644
--- a/src/win32/service.c
+++ b/src/win32/service.c
@@ -35,7 +35,7 @@ SERVICE_STATUS_HANDLE IRCDStatusHandle;
BOOL IsService = FALSE;
extern OSVERSIONINFO VerInfo;
-#define WIN32_VERSION BASE_VERSION PATCH1 PATCH2 PATCH3 PATCH4
+#define WIN32_VERSION BASE_VERSION PATCH1 PATCH2 PATCH3 PATCH4 PATCH5
/* Places the service in the STOPPED state
* Parameters:
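Review bot: In the second src/s_conf.c hunk (the `sockhost` / `match_ip()` path) the two new calls are written inconsistently: `(void)strlcat(uhost, "@", sizeof(uhost));` keeps the `(void)` cast while `strlcat(uhost, sockhost, sizeof(uhost));` drops it. This path also still copies with `strncpyzt(uhost, username, sizeof(uhost));`, whereas the parallel hostname path in the previous hunk now uses `strlcpy(uhost, username, sizeof(uhost));`. Using one bounded-copy helper and one cast convention in both paths would make the two blocks directly comparable when they are next audited. The `if`/`else` that selects between `username` and `cptr->username` starts above the hunk.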