158e6d1
2.7.4, including a better fix for CVE-2015-1196 that still allows symlinks referencing ".." to be created.