Hey, The disclosure announcement for CVE-2010-2234 mentions 0.11.2 or 1.0.1. And indeed, follows hot on the heels of both releases. However, the 1.0.1 NEWS and CHANGES do not include an entry for the fix.
Can someone please confirm for me whether the fix for CVE-2010-2234 landed in the 1.0.x branch for this release? Thanks, -- NS
