Basically every single GitHub Enterprise Server deployment is still vulnerable to this bug. that is tens of thousands of appliances containing incredibly sensitive code.

Also, this was about as bad as a vulnerability can get. It’s not exaggerating to say that all private code on GitHub should be considered compromised because of this issue. An anonymous user could have read every single private repo. To me, that warrants BREAKING.