Thanks for the update. Assuming no issue is found, my proposal would be that we quietly merge this in to the next release and produce a 1.2 patch for those needing to continue running 1.2. We can say that it fixes a security issue but be non-specific about what the bug was - we'll just link to this report (which they won't be able to read as it's currently private).
Once that's been released for a month or so, having given people a chance to upgrade or patch their systems, I'll set the visibility of this bug to public and those interested can pick over the notes if they wish.
Does that seem reasonable - Dan?
Also still need to implement validation before we try and load a class with the PageManager - but suggest we only include that in 1.4.2 onwards as it's not important to fixing this issue completely.
Thanks for the update. Assuming no issue is found, my proposal would be that we quietly merge this in to the next release and produce a 1.2 patch for those needing to continue running 1.2. We can say that it fixes a security issue but be non-specific about what the bug was - we'll just link to this report (which they won't be able to read as it's currently private).
Once that's been released for a month or so, having given people a chance to upgrade or patch their systems, I'll set the visibility of this bug to public and those interested can pick over the notes if they wish.
Does that seem reasonable - Dan?
Also still need to implement validation before we try and load a class with the PageManager - but suggest we only include that in 1.4.2 onwards as it's not important to fixing this issue completely.