We encountered security flaws with that servlet and its workflow that sends the browser into the web frontend.

Therefore the a similar request is added to the standard login servlet. That similar request is more restricted - it needs a lot more parameters - but it does not have any vulnerability related problems if the transport layer does not work correctly. All information about the new request is described in chapter ... (in this release notes).