From the Readme file:
This patch fixes a fairly serious security flaw in Quake 3 Arena.
Internet Security Systems identified the flaw and notified us with
reproduction details as well as an overview of the exploit. The
basic nature of the exploit is that malicious server operators could
overwrite any file on a client system. This type of thing is always
possible with DLL based mods (which is why we strongly recommend
VM based mods ) but with this exploit, it was possible within the
To help facilitate a rapid transition to the new codebase we have
also bumped the network protocol version. This means 1.17 is not
network compatibile with any prior version.
The install also includes all 3 PK3 files, because the original
"pak1.pk3" was not included in the final 1.16 release
for Mac and Win32 builds. This will address some pure server connection
issues. You will have to have all 3 pak files present to connect
to a pure server.
In addition to this security fix, we have also fixed the following:
- Callvote to single player game type causes the server to crash.
- Crash in bot initialization on some systems.