applying upgrade of 1.5.1 -> 1.6.0. Upgraded login form. Added @csrf tokens to forms using post. Fix security issue by displaying username without escaping html entities. User queries hrefs have their names url quoted which makes multi word queries a valid url.