Hi, The note for CVE-2010-0009 was never added to NEWS or CHANGES. Based on Jan's disclosure, it looks like the fix only landed in 1.0.2. Is that correct? If it is, I will correct our documentation.
Please reply ASAP, this is blocking other work. Thanks! -- NS
