Comment 7 for bug 1436082

In that case, there's no need to keep the bug marked private, and it can just be fixed publicly through the normal code review process. The VMT isn't issuing any advisories for server-to-server or server-to-backend communication security hardening measures until the situation across those projects improves to the point where we actually think we've adequately secured this traffic against malicious actors on internal management networks by default.