I tested Erno's patch and it does fixes the issue, AFAICT. I think it'd be ok to move with this one and hold off a proper refactor once the CVE is fixed.
Hermanth mentioned on IRC that this could be introducing a backwards incompatible change. I'm personally not super worried about this as it is a *bug* and an ugly one. Don't think there's a good way to fix this in a backwards compatible way.
I tested Erno's patch and it does fixes the issue, AFAICT. I think it'd be ok to move with this one and hold off a proper refactor once the CVE is fixed.
Hermanth mentioned on IRC that this could be introducing a backwards incompatible change. I'm personally not super worried about this as it is a *bug* and an ugly one. Don't think there's a good way to fix this in a backwards compatible way.
Thoughts?