Dear Eelko, thank you for your additional details. Development has indeed confirmed that _edit.r gets installed for deployment, not only for development environments. The information about this vulnerability and the recommended workaround have been published in our knowledge base, as solution #P123694.