At least at the time of abandonment, Dropbox did say (emphasis mine):
> While we did ensure that the reported vulnerabilities don’t affect our internal use of Lepton, we unfortunately don’t have the capacity to properly fix these and future issues in this public repo.
As far as I know this is indeed the last known public mention of its use, but given that Lepton was already in use and dropping it would substantially increase its traffic, it is reasonable to assume that its use somehow continues to this day.
That's pretty strange. If they're using it in a meaningful way, then they're applying it to arbitrary files, so they'd generally need fixes for almost all the bugs. So what resources would be lacking so badly that they give up on releasing?
It could just be a lame excuse. Open sourcing with zero support would be better than not doing it. But I imagine that this seems valuable enough to keep secret, or at least not to pay money to polish up for external use.
> While we did ensure that the reported vulnerabilities don’t affect our internal use of Lepton, we unfortunately don’t have the capacity to properly fix these and future issues in this public repo.
As far as I know this is indeed the last known public mention of its use, but given that Lepton was already in use and dropping it would substantially increase its traffic, it is reasonable to assume that its use somehow continues to this day.