Would you consider a feature request for a setting to disable the tmux integration feature? The exploit seems like good evidence for the need for this.
I finally got around to installing iTerm2 this year. It's great, thanks to you (and to all contributors) for all your hard work! I will say, though, that while features like shell integration sound powerful, I personally choose to keep them disabled in order to minimize attack surface. It would be nice to be able to disable tmux integration as well for the same reason, given I don't use tmux.
Yep, good idea. There is an advanced pref to disable potentially risky control sequences. I plan to invest in giving users the option to lock things down more so they can trade off convenience vs security as they see fit
