How MuleSoft patched a critical security flaw and avoided a disaster