This shouldn't be tagged as a grave security issue. The symlink tests in Apache are trivial to overcome with timing attacks and the Apache documentation explicitly states that the symlink tests should not be considered a security restriction.
http://httpd.apache.org/docs/2.2/mod/core.html#options John
signature.asc
Description: This is a digitally signed message part