Just mentioning it in case its been missed report here on the BBC website.
I saw this, and we are not on the affected release.
There was a maintenance release, 3.8.6 released on the 13th, I took a look at the change list and didn’t figure it massively important and left it as a job to do when I have time Fortunately I always leave it a short while unless there is something in the maintenance release of a security nature.
Thanks for the heads up, I hadn’t realised it had created a new storm in a tea cup though. Insecure software is all over the place, just take a look at some of the free forum software and bug lists
latest patch has been round long enough now, so I’ve done the deed and we are on the latest release version