I started a security scan on a fresh installed grammm and got this vulnerable packages (as well as some other security issues):
It was easy to fix. Just login into the console and type:
But I think the latest release should not be shipped with vulnerable packages, this is in general really critical. Especially when the product is so easy to install for end users.
I will continue some other security checks. I think I don't have to tell about the unsecure admin-access where you already said, that this will be fixed in the next release.
If you want I can provide a document where I describe how to make the grammm-linux secure in your admin documentation. Just tell me if I should spend time on that.