Has this vulnerability been fixed for the Meteor 1.6 beta?
Dirk Stevens

Meteor 1.6 beta.27 (and newer) will pin allow-deny to the patched version, 1.0.9. Though the instruction to run meteor update allow-deny applies to all versions of Meteor newer than 1.4, so it could be run on a pre-1.6-beta.27 version as well.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.