Comment 3 for bug 1892980

Subscribing Leonidas who did the CVE fix and tagging regression-update.
Since the break is pushed to -security the fixup (if any) will need to land there as well.
Also he will have more experience in security fixes that suddenly make new features required to work around new limitations.

@Leonidas what is your advice how to go on here?