Hi all, FYI, I've removed expand_path() from both xfrun and libxfcegui4 because: 1) It's insecure to use "~" in PATH 2) the routine itself is insecure because it's using fixed string length and did not take care of checking bounds. Cheers, -- Olivier Fourdan <fourdan at xfce.org> http://www.xfce.org