Both issues have been addressed in patch 4.4.3 of OXID eShop all editions. Partners, owners of support contracts and NDA owners have been informed when we published patch 4.4.3.
If you work with a very strong customized template, you don’t can support every template-change in shop updates.
So, is it possible, if there changes for security in the template, to publish them.
I now, its a security question and better don’t publish.
But I think, these bug should be fixed in logic, not in templates. So if there is a security-fix inside templates, please publish.