Comment 32 for bug 1732067

If mitigating this on some supported stable branches is going to require the operator to make configuration changes, then this is probably better handled as a security note than an advisory.