This XSS issue was resolved/released in 0.9.10-jenkins-29 so the package in Debian already contains the fix for this security issue. Apologies - I should have detailed this in the changelog entry. Cheers James -- James Page Ubuntu Core Developer