fixes a session reuse issue even though this release has not been tagged
as 'security relevant'. Details at http://drupal.org/node/967244.
Make sure you upgrade all files while you're logged in (or have access
to settings.php) otherwise you'll lock yourself out pretty easily, in
case you use Captcha for logins. Database upgrade required, too.
- install drupal modules/themes as root:daemon rather than www:www
(only the files/ directory needs to be writeable by 'www').
- don't install 'settings.php' world-readable since it contains the
DB password. Use 640, owner 'www' instead.
- bump all modules.
tested in production, including upgrade szenarios.
ok sthen@ and landry@, maintainer timeout.
