That is the answer. OMLx users please know that OM devs do not ignore security issues. They participate in discussions with many upstream organizations in order to keep up with this among many other things..
I believe this is the upstream commit. Note the date.