Maybe I missed this in the thread, but what exactly is required from 3.0.15 that is not satisfied by 3.0.10 + CVE patches? We certainly can go through the exercise to update everything, but it will be a moderately involved effort. A concrete justification would be good before we dive into that hole.