Hmm, that one is a bit tricky. Disabling the whole feature in a stable update sounds like a bad idea, this can hardly be considered a fix for the vulnerability, at best a workaround.
One alternative would be to issue a "security note" instead, advising people to disable it...
Adding markmc for the stable team for their opinion.
Hmm, that one is a bit tricky. Disabling the whole feature in a stable update sounds like a bad idea, this can hardly be considered a fix for the vulnerability, at best a workaround.
One alternative would be to issue a "security note" instead, advising people to disable it...
Adding markmc for the stable team for their opinion.