We're currently using DWR 1.1.4, which has weaknesses in terms of modern web security. An update to 3.0.2 should be possible, but is a substantial piece of work and impacts a number of cases (Monitoring Plugin and Kraken as well as core).
change was merged, assumed as resolved