Since this is part of the EXPERIMENTAL 2.6 API and the MVP of interoperable image import, which are not enabled by default, I don't think it requires a security advisory. It's definitely something that needs to be fixed, though.
Since this is part of the EXPERIMENTAL 2.6 API and the MVP of interoperable image import, which are not enabled by default, I don't think it requires a security advisory. It's definitely something that needs to be fixed, though.