[Geoserver-devel] Security breach in 1.6.x

Hi,
so we have one user reporting a major security breach
on GeoServer 1.6.x when the data dir we ship along with
the .war distribution is used (i.e., it does not affect
the bin distribution nor the windows installer, and neither
users that did set up an external data dir).

Details here:
http://jira.codehaus.org/browse/GEOS-1785
and on the users mailing list, topic named "The security of the Geoserver 1.6.0?"

Opinions, what shall we do? Release 1.6.1a with a patch for
that issue in a hurry (by working on the tag directly)?

Cheers
Andrea