Hi,

I've raised this as a bug, but I thought I'd mention it here as well:

Version 4.5.1, Open source.
A possible information leak: the .htaccess file is incorrectly generated when it is rebuilt by SugarCRM admin section. It introduces a double backslash on the first two RedirectMatch lines of the file, allowing the sugarcrm.log and emailman.log files to be seen remotely, instead of redirecting users to the correct page.