Fedora has issued an advisory on March 11:
The updated to 4.35 with an additional bug fix (it would be good to update Cauldron).
Fixed upstream in 4.34
Cauldron already has 4.34, but note Luigi's remark about 4.35.
Assigning to tv who did the 4.34 (& earlier) update[s).
The updated package fixes some bugs including a security vulnerability:
Decoding hash keys without ending ':'.
Updated package in core/updates_testing:
Fixed upstream in 4.34 =>
Note that this is still pending a freeze move in Cauldron.