Why were the patch versions for vulnerability (CVE-2020-7665, CVE-2020-7666, CVE-2020-7669) released so late? #2726
Silence-worker-02
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello, we are a research team working on Golang. During our investigation, we found vulnerabilities (CVE-2020-7665, CVE-2020-7666, CVE-2020-7669) was addressed in commit c995e6b. However, we noticed that the patch version was released after long time (over one month). We are curious about the reasons behind the delayed release of the patch version, as it may hinder the efficient distribution of patches to downstream users. Could the reason be
1.Issues with testing and CI checking.
2.Other commits have to be incorporated into one release.
3.Versions adhering to the usual release cycle.
4.Other reasons.
Thank you for your attention, and we look forward to receiving your reply.
Beta Was this translation helpful? Give feedback.
All reactions