We will not delete the post. If we were afraid of having discussions on our site, we wouldn't have a forum in the first place. As you can see - everyone here can speak. Of course, if they follow our forum rules.
As for the subject:
1. This exploit only appears if you run a custom Host installer with the "Generate ID" function enabled AND if you click the "Tell me more" button.
2. This bug can only potentially be exploited by the remote user himself - to elevate their permissions. Yes, perhaps there might be other far less probable uses, but overall it has a very limited application/scope.
In this specific case marking your post as "BIG SECURITY ISSUE" could be misleading. Someone who visits our forum may think that our software in general has a big security issue that applies to absolutely all cases, which is very far from the truth.
So instead of posting here on the forum you could have just sent us a ticket or an email, and this bug would have been fixed in a few days without anyone even knowing about it, which is good for security. Security issues are not something that should be immediately disclosed - it is advisable to contact the developers privately first, and see how they respond. And if they don't respond and refuse to deal with the issue, it may be time to use public pressure. Unfortunately, you decided to use public pressure right from the start as if we were unresponsive or unwilling to fix issues.
We never said that we didn't like when our customers or users let us know about exploits in our software. Quite the contrary, we can only be thankful for that and we encourage users to send us security bugs - the more the merrier. However, our concern is that making such information public BEFORE the bug is fixed is somewhat imprudent and can diminish security for existing users who use that specific feature. This is certainly not a proper way security bugs should be dealt with.
This update is going to have other fixes and a reworked MSI Configurator. Today we'll be doing final testing before we provide it. So it's not only this bug that this update is going to fix.
Although the bug you mention is a security concern, it is not THAT major or urgent as you might imagine. If it is of such extreme importance for you, please refrain from distributing your Host installer for a while before we provide an update.
Sorry, we do not utilize a "piece of cake" approach. We need to make sure that the next update has been tested before we can make it public. Besides, publicly speaking about found exploits doesn't make your existing installations more secure, hope you understand.
If we have a beta we will make it public and let our users know about it. But we cannot share each and every step of the development process. Each company decides how much transparency it should provide and we don't believe that being that transparent necessarily speeds up the development process. We would rather spend this time and effort on the development itself.
Sorry, we didn't count how many customers we lost. That would be a useless exercise, given how much work we have ahead. We strive to fulfill as many promises as we can but it's not always possible to fulfill them all within a reasonable time frame.
We understand how important the Viewer for Mac can be for some users. The work on it is in progress now. Unfortunately, we couldn't provide it earlier simply because there were other priorities - features we needed to implement to increase our paid customer base. It's not that we don't want to or cannot implement all suggestions that we receive, it's only that we work on priorities because we must think about our bottom line. It's as simple as that.