Apache::Session 1.53 has been released. Fixed in this release: * Three bugs in the file handling code found by Erik Rantapaa and Bart Shaefer. * A possible security vulnerability involving bogus session IDs like '../../../../../etc/passwd'. Don't worry, I wasn't able to actually think of an exploit, but I put in sanity checks on the session IDs just in case. Have fun, Jeffrey Baker