No we weren't on the phone with HG as I believe they were first made aware of the exploit, but had not made the issue public yet. The fix wasn't available at the time we disabled Horde, some 16 hours ago. Check the time stamp of Steve's announcement and you'll see it was made before cpanel's security blog post.
Steve made this issue public over 16 hours ago (from the time of this post), before the security alert was posted on the cpanel blog, and I contacted several large hosts to let them know about the Horde exploit.
|