A long while back, security researcher Sam Mortenson reported a cross-site scripting vulnerability in Drupal core's Link module. Essentially, the options property on link fields was not being properly sanitized. This meant cross-site scripting was possible under some circumstances -- and, as always for cross-site scripting, we were concerned that the XSS could be combined with other attacks and escalated to more serious exploits.
Security
Back in 2013, I led the core contribution mentoring day at DrupalCon Sydney. I'd already flown from the US to Europe three times at that point (first for Drupal Developer Days Barcelona, then for DrupalCon Munich and the Paris VDC sprint, and finally for a whirlwind 72 hours in London to sprint on VDC and CMI). None of that prior international travel prepared me in the slightest for the over 24 hours of nonstop air travel/physical torture that it takes to get from Wisconsin to Australia.
