In-Reply-To: <20041227194544.6255.qmail@xxxxxxxxxxxxxxxxxxxxx> >Session File Disclosure vulnerability is patched in version 1.4.3. >Cross Site Scripting vulnerability will be patched probably in >version 1.5. In fact both of these were fixed in 1.4.3 (the currently available release).