What amazes me, though, is the “bash patrol” that always comes out after something like this happens. It doesn’t matter which framework or application, but as soon as a security issue gets reported, people immediately start complaining and saying how much it sucks, what a rookie mistake, you should switch to x, and on and on.
I find this highly annoying. The fact of the matter is that every line of code is created by a human and all of us are going to make mistakes. So have a little empathy. Next week it could be your favorite tool or, even worse, your code.