Security Explorations releases details on unpatched vulnerabilities in Googles App Engine software. The vulnerabilities in the software include three complete Java sandbox escapes that could be used to gather a lot of information on the Java Runtime Environment sandbox itself. Google’s Project Zero vulnerability research group has drawn some flak recently for its practice of publicly disclosing security flaws in software from other vendors after a 90-day notice period, regardless of whether patches are available or not. In December, the security firm claimed Google initially suspended its GAE account following the disclosures.”]