If I read it correctly, this is a DoS solution that can't deal real damage, such as remote code execution?
That's right, this is only a
DoS issue, that could have a performance impact (it does NOT have a 'remote code execution' vulnerability). This was fixed in
v2.4.0 RC1, so if you want to avoid this issue, you can use that version (or any other later version, like
v2.4 RC07).
HFS v3.0 is a new software, that has been totally rewritten from the ground up (it has nothing to do with the old code of HFS v2.x).
Which HFS version is more secure (2.3m / 2.4 / 3.0)? Logically, not the beta versions, but they may have some vulnernabilities patched, I guess.
About 'which HFS version is more secure', in terms of security, it is always best to stick with the latest available version (this applies to any other software too). But the decision is always up to the end user.