diff --git a/ webgoat/main/WAR Installation Instructions.txt b/ webgoat/main/WAR Installation Instructions.txt
index ffa5681ba..c2b050cf4 100644
--- a/ webgoat/main/WAR Installation Instructions.txt
+++ b/ webgoat/main/WAR Installation Instructions.txt
@@ -1,14 +1,28 @@
+===============================================================
Installing WebGoat WAR file into a Standard Tomcat Installation
+
+ Help: Mail List - http://lists.owasp.org/mailman/listinfo/owasp-webgoat
+ Email - webgoat@g2-inc.com
===============================================================
-To do this, you'll need to configure server.xml and tomcat-users.xml a bit. Basically, you'll want to change the port number in server.xml to 80 (or just stick with 8080). WebGoat also has some specific users and roles that it uses which are defined in tomcat-users.xml.
+To do this, you'll need to configure server.xml and tomcat-users.xml a bit.
+Basically, you'll want to change the port number in server.xml to 80 (or just stick with 8080).
+WebGoat also has some specific users and roles that it uses which are defined in tomcat-users.xml.
-- Add the following users to tomcat-users.xml in tomcat/conf directory
+- Add the following users and roles to tomcat-users.xml in tomcat/conf directory
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
This is explained in the readme.txt file in the root directory.
@@ -17,4 +31,5 @@ browse to:
http://localhost/WebGoat-VERSION_NUM/attack
-Let us know if you are still having problems at the WebGoat mailing list: http://lists.sourceforge.net/lists/listinfo/owasp-webgoat.
+Let us know if you are still having problems at the WebGoat mailing list: http://lists.owasp.org/mailman/listinfo/owasp-webgoat
+or by sending email to WebGoat@g2-inc.com
diff --git a/ webgoat/main/build.xml b/ webgoat/main/build.xml
index b6b9a7b30..ffcb6a640 100644
--- a/ webgoat/main/build.xml
+++ b/ webgoat/main/build.xml
@@ -56,7 +56,7 @@
-
+
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java
index 833836732..a7c3e8aa4 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java
@@ -63,7 +63,7 @@ public class BackDoors extends LessonAdapter
private final static String SELECT_ST = "select userid, password, ssn, salary from employee where userid=";
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
protected Element createContent(WebSession s)
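Review bot: The `MAC_LOGO` declaration changed here is repeated verbatim in ten other lesson classes in this commit (CSRF, DOMInjection, ForcedBrowsing, HttpSplitting, JSONInjection, LogSpoofing, NewLesson, SilentTransactions, XMLInjection, XPATHInjection), so one logo rename needs eleven identical edits. All of them extend `LessonAdapter`, so the path could live there once, e.g. `protected final static String MAC_LOGO_PATH = "images/logos/macadamian.gif";`, with each lesson building its `IMG` from it. The diff as shown does not include the image file itself; confirm `images/logos/macadamian.gif` is committed under exactly that name, because a case mismatch only shows up on case-sensitive file systems. The class body continues outside the hunk.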
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
index 82a9e64c7..371f6a742 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
@@ -68,7 +68,7 @@ public class CSRF extends LessonAdapter {
private static Connection connection = null;
private static int count = 1;
private final static int USER_COL = 4; // Added by Chuck Willis - used to show user who posted message
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
/**
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
index e3c366925..92dfca62d 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java
@@ -56,7 +56,7 @@ public class DOMInjection extends LessonAdapter
private final static String KEY = "key";
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
protected Element createContent(WebSession s)
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
index ffc3c0656..7963e0508 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
@@ -53,7 +53,7 @@ public class ForcedBrowsing extends LessonAdapter
private final static String SUCCEEDED = "succeeded";
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
/**
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
index 13af6f404..fdc604a8a 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
@@ -55,7 +55,7 @@ public class HttpSplitting extends LessonAdapter
private static String STAGE = "stage";
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
/**
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java
index 94aa74392..73a2906b2 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java
@@ -60,7 +60,7 @@ public class JSONInjection extends LessonAdapter
private final static String TRAVEL_TO = "travelTo";
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
public void handleRequest(WebSession s)
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
index 40107c9cd..93eaf9708 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
@@ -58,7 +58,7 @@ public class LogSpoofing extends LessonAdapter
private static final String PASSWORD = "password";
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
protected Element createContent(WebSession s)
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
index 0d726e30c..c966af97c 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
@@ -40,7 +40,7 @@ import org.owasp.webgoat.session.WebSession;
*/
public class NewLesson extends LessonAdapter
{
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
/**
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
index e683ea698..ac76705e3 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java
@@ -60,7 +60,7 @@ public class SilentTransactions extends LessonAdapter
private final static Double CURRENT_BALANCE = 11987.09;
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
public void handleRequest(WebSession s)
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
index 8a8924b05..88f1c5cb6 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java
@@ -60,7 +60,7 @@ public class XMLInjection extends LessonAdapter
public static HashMap rewardsMap = new HashMap();
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
protected static HashMap init()
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
index acd3a351f..a8525c7c5 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java
@@ -78,7 +78,7 @@ public class XPATHInjection extends LessonAdapter
private final static String PASSWORD = "Password";
- private final static IMG MAC_LOGO = new IMG("images/logos/mac_Logo.gif").setAlt(
+ private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
protected Element createContent(WebSession s)
diff --git a/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml b/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml
index 9951b3e7f..0c93700db 100644
--- a/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml
+++ b/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml
@@ -174,6 +174,10 @@
org.owasp.webgoat.LessonSource
+
+ conf
+ /lessons/ConfManagement/config.jsp
+
+
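Review bot: The new `conf` entry pointing at `/lessons/ConfManagement/config.jsp` has no comment saying why a configuration page is given a short, guessable name, and the element markup is not visible on this page, so it is unclear whether any access constraint covers it. If this is the deliberate target of a lesson (presumably Forced Browsing), say so next to the entry, for example `<!-- Intentionally reachable without authorization for the lesson; never copy this mapping into a real deployment descriptor -->`. Only `web-unix.xml` is changed in this diff; if the project keeps a separate descriptor per platform, the same entry is needed there or the lesson will behave differently between builds.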
diff --git a/ webgoat/main/readme.txt b/ webgoat/main/readme.txt
index e5a8f851c..811aee7f5 100644
--- a/ webgoat/main/readme.txt
+++ b/ webgoat/main/readme.txt
@@ -1,10 +1,11 @@
********** WebGoat 5.0
-********** 01.17.2007
+********** 01.31.2007
**********
**
-** Source Code: http://code.google.com/p/webgoat
-** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
-** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
+** Source Code: http://code.google.com/p/webgoat
+** Download: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824
+** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
+** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
** Contact Info: webgoat@g2-inc.com
**
**********
@@ -18,7 +19,7 @@ testing techniques.
WARNING 1: While running this program your machine will be
-extremely vulnerable to attack. You want to disconnect
+extremely vulnerable to attack. You should to disconnect
from the Internet while using this program.
WARNING 2: This program is for educational purposes only. If you
@@ -28,14 +29,15 @@ hacking, most companies will fire you. Claiming that you were
doing security research will not work as that is the first thing
that all hackers claim.
-You can find more information about WebGoat at
-http://www.owasp.org
+You can find more information about WebGoat at:
+http://code.google.com/p/webgoat
CREDITS (Latest release)
Bruce Mayhew (http://www.g2-inc.com)
Sherif Koussa (http://www.macadamian.com)
Rogan Dawes (http://dawes.za.net/rogan)
+ Eric Sheridan (http://www.aspectsecurity.com)
Carlo Pelliccioni
The many people who have sent comments and suggestions...
@@ -49,23 +51,30 @@ WHAT'S NEW
* Log Spoofing
* Cache Poisoning
* Back Doors via SQL Injection
+ * Many upgrades and minor fixes
INSTALLATION
-Windows
+Windows - (Download, Extract, Double Click Release)
-1. unzip the Windows_WebGoat-x.x.zip to your working environment
-2. To start Tomcat, browse to the WebGoat directory unzipped above and double click "webgoat.bat"
+1. unzip the Windows_WebGoat-x.x_Release.zip to your working environment
+2. To start Tomcat, browse to the WebGoat directory unzipped above and
+ double click "webgoat.bat"
3. start your browser and browse to... (Notice the capital 'W' and 'G')
- http://localhost/WebGoat/attack
+ http://localhost/WebGoat/attack
4. login in as: user = guest, password = guest
5. To stop WebGoat, simply close the window you launched it from.
+Note: When intercepting request with IE7. You must add a '.' to the
+ end of localhost. i.e.
+ http://localhost./WebGoat/attack or
+ http://localhost.8080/WebGoat/attack if using a non standard port
+
Linux
1. Download and install Java JDK 1.5 from Sun (http://java.sun.com)
-2. Unzip the Unix_WebGoat-x.x.zip to your working directory
+2. Unzip the Unix_WebGoat-x.x_Release.zip to your working directory
3. Set JAVA_HOME to point to your JDK1.5 installation
4. chmod +x webgoat.sh
5. Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.
@@ -78,7 +87,7 @@ Linux
OS X (Tiger 10.4+)
-1. Unzip the Unix_WebGoat-x.x.zip to your working directory
+1. Unzip the Unix_WebGoat-x.x_Release.zip to your working directory
2. chmod +x webgoat.sh
3. Since the latest version runs on a privileged port, you will need to start/stop WebGoat as root.
sudo sh webgoat.sh start
@@ -120,8 +129,24 @@ A. This usually indicates an Eclipse environment setting misconfiguration. Here
- Return to the Ant View and refresh.
Q. When I start up WebGoat it dies very quickly.
-A. WebGoat is a Java application that runs on Tomcat using port 80. If you have another application listening on port 80 (like IIS), you will need to change WebGoat's port (to 8080 or something) in the tomcat_root/conf/server.xml file.
+A. WebGoat is a Java application that runs on Tomcat using port 80. If you have another
+ application listening on port 80 (like IIS), you will need to change WebGoat's port
+ (to 8080 or something) in the tomcat_root/conf/server.xml file.
-For more current FAQs, please visit http://www.owasp.org/software/webgoat/faq.html
+Q. When I deploy the war file to the Tomcat wepapps directory, I can't login to WebGoat
+A. You need to add the webgoat users and roles to tomcat/conf/tomcat-users.xml
-Please send questions, comments, suggestions, bugs, etc to webgoat@owasp.org
\ No newline at end of file
+
+
+
+
+
+
+
+
+
+
+
+
+
+Please send questions, comments, suggestions, bugs, etc to webgoat@g2-inc.com
\ No newline at end of file