I think people leaving Facebook en masse would be a good thing (TM) for society, not a doomsday. Fewer echo chambers, less disinformation, and people forced to make an effort to contact each other.
I've been following Josip's work on and off for years now (he's probably on every big white hat hall of fame there is), and I'm pretty sure he wouldn't go public even if it took them a month to fix this.
If he said in a public blog post that it took them a month to fix something so simple, I could see the shit storm aimed at Facebook on social networks (including here), but I highly doubt any user would be compromised.
git pull; sh tests; rsync /prod/ all@prod:/var/www/
^ That is copyrighted by the way. I'll take a consultant fee. I know - I know it should be thousands of lines of puppet, jenkins, hooks, Kubernetes, Salt, and 2 million lines of python and ELM all piped through Docker containers -- I am NOT an animal.
You forgot to rewrite the logic in xml, and then fetch it over the internet from unknown third parties by tunneling it through json, then http. Bonus points if the whole thing is deployed via docker hub.
I'd be more impressed in some other context, since a willingness to skimp on validation and "red tape" is how a bug like this ends up in production in the first place.