> The module is unmaintained. Who do you suggest should do it? Will you?
Yes. I am contacting the security team and working on a patch already. The page mentions someone is currently working on the issue already however.
> "This software is broken so you shouldn't use it" is absolutely a perfectly reasonable solution.
I don't completely agree. If it's unmaintained, new installations shouldn't use it, totally agree. That doesn't help the 120K installations which are using the plugin though. It may take more time to impedance match apis, rather then fixing the security issue.
Yes. I am contacting the security team and working on a patch already. The page mentions someone is currently working on the issue already however.
> "This software is broken so you shouldn't use it" is absolutely a perfectly reasonable solution.
I don't completely agree. If it's unmaintained, new installations shouldn't use it, totally agree. That doesn't help the 120K installations which are using the plugin though. It may take more time to impedance match apis, rather then fixing the security issue.