I haven’t posted anything about the Cross Site Scripting security hole that’s been widely covered everywhere else, but I just noticed that the Apache Group has issued a statement about it on the Apache site. The synopsis for non-Apache administrators: the Apache Group is taking the problem very seriously, so you should too, despite the paranoid ramblings of John Dvorak (which I won’t link to because I think John Dvorak is an ignorant jerk).