All users of versions prior to 0.5.1 can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
Problem has been patched in version 0.5.1
Users may remediate this vulnerability without upgrading by applying these patches to older suppoorted versions.
If you have any questions or comments about this advisory: