Just to make sure I understand the proposed backport, will existing deployments need to make any changes to their configuration to mitigate the described vulnerability, or is the configuration option merely going to be for enabling the old insecure mode of operation?
We generally employ a security note instead of an advisory if existing depoyments will need to make configuration changes to enable security fixes rather than being secure by default after applying the patch.
Just to make sure I understand the proposed backport, will existing deployments need to make any changes to their configuration to mitigate the described vulnerability, or is the configuration option merely going to be for enabling the old insecure mode of operation?
We generally employ a security note instead of an advisory if existing depoyments will need to make configuration changes to enable security fixes rather than being secure by default after applying the patch.