I put the corrected version of the B27 patch (*.cgi and XBITHACK) on hyperreal. I also created a new patch-ID for the NCSA security fix to strsubfirst(). This was left out of the 0.2 release --- it is now our B41, and also a patch-for-0.2 on hyperreal. rst