v2.4.13 has just been released which removes some vulnerabilities discovered that could be used for an XSS-attack.
This release, and specifically the new FlashTransport has now been audited by a member of the Google Security-team, and we are quite confident in its level of security.
So,
update as soon as possible.
Announcement group
A new group,
easxdm-announce, has now been created that will be used for important announcements such as discovered security issues and new releases.
Only select members are allowed to post to this, and so it will be 'spam-free' - please subscribe to this list in order to stay up-to-date.