However, I do believe that since the origin of this thread started in March, where a workaround is proposed (Sikka) and it is three months later, such exploits are good to be in full disclosure.
I agree that the nature of the exploit and ways to mitigate it should be disclosed. However, the specifics, namely, a piece of code that may reproduce the effect has not place in a public community forum. My reasoning is, this form is for the community, by the community, and there always will be outsiders, such as script kiddies, who will happily try out those exploits without taking a moment to consider the consequences on actual businesses and actual people.
Shouldn’t the forum have a category security?
+1 for this, although a very tough topic to manage and moderate, it sounds nice to have a dedicated category.