I stored out version 1.30 of mini_httpd. This includes an important security fix. Prior versions allowed remote users to read arbitrary files in some circumstances. This version plugs the hole.
I checked all my other web servers and they do not have the same bug.