Role Scoper 1.3.6 is now available.  It fixes a security hole in RS 1.3.x when using Reader Restrictions without setting post status to “Private” visibility.  Sites restricting access via “Private” setting are not affected.  See the full change log below:

• BugFix : Post previews for qualified users failed with “Not Found” error

• BugFix : For template calls to get_terms() / get_categories() / wp_list_categories(), include argument was not handled correctly (since 1.0)

• BugFix : Fatal Error for logged Administrators (undefined method merge_scoped_blogcaps) in some cases

• BugFix : Reader role restrictions not applied in some situations