A security issue has been identified in earlier versions of this add-on. The issue allows a cross site scripting (XSS) attack to potentially be triggered via a specially crafted username. XSS issues may allow an attacker to steal data (including cookies) or force a user to take actions without their consent or knowledge (possibly including administrative actions).
I strongly recommend all users to upgrade to the latest version of Calendar v6.1 to resolve the issue as soon as possible.
Calendar v6.0 changes:
New improved way of adding recurring events. Updated User Group Permission for thread_view calendar link.
Calendar v5.6 changes:
Fixed minor issue with Daylight Savings Time.
Calendar v5.4 changes:
Added Previous Month and Next Month buttons to Calendar page.
Calendar v5.3 changes:
Removed title when hovering over Calendar link in thread_list_item.