Just replied to your comment on GitHub. I appreciated the official response.
Like I mentioned on GitHub, your updater is broken, so your customers aren't getting this update even if you guys did release it. See my comment for details, but it appears that the file which triggers the Update Framework feature to work has been rolled back to an old version.
Regarding your comment on 'responsible disclosure', where did you responsibly disclose this exploit to your customers and notify them that a critical update was needed to prevent, in your words "a way to cripple many (many, many, many) websites."?
Like I mentioned on GitHub, your updater is broken, so your customers aren't getting this update even if you guys did release it. See my comment for details, but it appears that the file which triggers the Update Framework feature to work has been rolled back to an old version.
Regarding your comment on 'responsible disclosure', where did you responsibly disclose this exploit to your customers and notify them that a critical update was needed to prevent, in your words "a way to cripple many (many, many, many) websites."?