After he notified jQuery File Upload author Sebastian Tschan of the issue, it emerged that the flaw (CVE-2018-9206) was introduced when Apache, Blueimp’s web server, disabled a default security ...