Adobe has stated that JIRA issues with security problems would not be ported to our JIRA. I think they are not porting those, obviously, because then big gaping security holes would be out in the open that they probably don't want the public to know about... I know the project's been donated, but the 4.6 still bears the name Adobe Flex, and because their name is on it they are going to continue to take the same kind of steps they've always taken to safeguard security risks.
Ideally, the patches to the 4.6.x security holes that Adobe might fix, or anything else it patches, do make their way into our branch at some point. But this is why I suggest that the Apache Flex version numbers start at 4.7.x, so there is no confusion. Any hotfixes, patches and security holes can be maintained for 4.6 versions by Adobe without them having to worry about changes done in 4.7, and it'd be easier for us to merge those changes from 4.6.10 or whatever to 4.7.0 and back up the chain... at least I think it would be, someone might correct me on this. -omar
