diff --git a/common/protob/messages-management.proto b/common/protob/messages-management.proto
index be936f60f..d35e6e09a 100644
--- a/common/protob/messages-management.proto
+++ b/common/protob/messages-management.proto
@@ -20,7 +20,7 @@ enum BackupType {
  * @next Features
  */
 message Initialize {
-    optional bytes session_id = 1;           // assumed device session id; Trezor clears caches if it is different or empty
+    optional bytes session_id = 3;           // assumed device session id; Trezor clears caches if it is different or empty
 }
 
 /**
diff --git a/core/embed/firmware/version.h b/core/embed/firmware/version.h
index 808377c05..0654e2dd1 100644
--- a/core/embed/firmware/version.h
+++ b/core/embed/firmware/version.h
@@ -4,6 +4,6 @@
 #define VERSION_BUILD 0
 
 #define FIX_VERSION_MAJOR 2
-#define FIX_VERSION_MINOR 3
+#define FIX_VERSION_MINOR 2
 #define FIX_VERSION_PATCH 0
 #define FIX_VERSION_BUILD 0
diff --git a/core/src/trezor/messages/Initialize.py b/core/src/trezor/messages/Initialize.py
index 73dd3fdc9..2bab78b46 100644
--- a/core/src/trezor/messages/Initialize.py
+++ b/core/src/trezor/messages/Initialize.py
@@ -22,5 +22,5 @@ class Initialize(p.MessageType):
     @classmethod
     def get_fields(cls) -> Dict:
         return {
-            1: ('session_id', p.BytesType, 0),
+            3: ('session_id', p.BytesType, 0),
         }
diff --git a/legacy/firmware/ChangeLog b/legacy/firmware/ChangeLog
index 47a462e36..f76f4cc3e 100644
--- a/legacy/firmware/ChangeLog
+++ b/legacy/firmware/ChangeLog
@@ -1,4 +1,4 @@
-Version 1.9.0? [not yet released]
+Version 1.9.0 [not yet released]
 * Disallow changing of settings via dry-run recovery
 * Wipe code
 * Make LoadDevice debug only and drop its XPRV feature
diff --git a/legacy/firmware/config.c b/legacy/firmware/config.c
index bddff3d51..daba0e222 100644
--- a/legacy/firmware/config.c
+++ b/legacy/firmware/config.c
@@ -558,7 +558,7 @@ const uint8_t *config_getSeed(void) {
   // if storage has mnemonic, convert it to node and use it
   char mnemonic[MAX_MNEMONIC_LEN + 1] = {0};
   if (config_getMnemonic(mnemonic, sizeof(mnemonic))) {
-    char passphrase[51];
+    char passphrase[MAX_PASSPHRASE_LEN + 1] = {0};
     if (!protectPassphrase(passphrase)) {
       memzero(mnemonic, sizeof(mnemonic));
       memzero(passphrase, sizeof(passphrase));
@@ -614,8 +614,7 @@ bool config_getRootNode(HDNode *node, const char *curve) {
   if (seed == NULL) {
     return false;
   }
-  int result;
-  result = hdnode_from_seed(seed, 64, curve, node);
+  int result = hdnode_from_seed(seed, 64, curve, node);
   if (result == 0) {
     fsm_sendFailure(FailureType_Failure_NotInitialized, _("Unsupported curve"));
   }
diff --git a/legacy/firmware/fsm_msg_common.h b/legacy/firmware/fsm_msg_common.h
index 765af80e8..a8834430e 100644
--- a/legacy/firmware/fsm_msg_common.h
+++ b/legacy/firmware/fsm_msg_common.h
@@ -22,6 +22,7 @@ void fsm_msgInitialize(const Initialize *msg) {
   signing_abort();
   if (msg && msg->has_session_id && msg->session_id.size == 32) {
     if (0 != memcmp(session_getSessionId(), msg->session_id.bytes, 32)) {
+      // If session id was specified but does not match -> clear the cache.
       session_clear(false);  // do not lock
     }
   } else {
diff --git a/legacy/firmware/protect.c b/legacy/firmware/protect.c
index 26675fd85..5169e3324 100644
--- a/legacy/firmware/protect.c
+++ b/legacy/firmware/protect.c
@@ -351,10 +351,11 @@ bool protectChangeWipeCode(bool removal) {
 }
 
 bool protectPassphrase(char *passphrase) {
+  memzero(passphrase, MAX_PASSPHRASE_LEN + 1);
   bool passphrase_protection = false;
   config_getPassphraseProtection(&passphrase_protection);
   if (!passphrase_protection) {
-    passphrase[0] = '\0';
+    // passphrase already set to empty by memzero above
     return true;
   }
 
@@ -387,7 +388,6 @@ bool protectPassphrase(char *passphrase) {
         result = false;
         break;
       }
-      // TODO: ask - why ppa->passphrase.size is not working? because of tiny?
       strlcpy(passphrase, ppa->passphrase, sizeof(ppa->passphrase));
       result = true;
       break;
diff --git a/legacy/firmware/protect.h b/legacy/firmware/protect.h
index d53d3ae09..f94742302 100644
--- a/legacy/firmware/protect.h
+++ b/legacy/firmware/protect.h
@@ -24,6 +24,8 @@
 #include "messages-common.pb.h"
 #include "secbool.h"
 
+#define MAX_PASSPHRASE_LEN 50
+
 bool protectButton(ButtonRequestType type, bool confirm_only);
 secbool protectPinUiCallback(uint32_t wait, uint32_t progress,
                              const char* message);
diff --git a/python/src/trezorlib/messages/Initialize.py b/python/src/trezorlib/messages/Initialize.py
index 3d8ca3810..3d84f94a5 100644
--- a/python/src/trezorlib/messages/Initialize.py
+++ b/python/src/trezorlib/messages/Initialize.py
@@ -22,5 +22,5 @@ class Initialize(p.MessageType):
     @classmethod
     def get_fields(cls) -> Dict:
         return {
-            1: ('session_id', p.BytesType, 0),
+            3: ('session_id', p.BytesType, 0),
         }