Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why were the patch versions for CVE-2022-21687 released so late? #1335

Open
Silence-worker-02 opened this issue Nov 15, 2023 · 0 comments
Open

Comments

@Silence-worker-02
Copy link

We are a research team dedicated to Golang, have discovered that CVE-2022-21687 was addressed in commit 83413c3. However, upon analyzing the commit, we observed that the patch version (v1.1.3) was released after a lapse of over one month. We are interested in understanding the reasons behind this delay in releasing the patch version, as it could potentially impede the prompt dissemination of patches to downstream users. We seek clarification on whether the delay might be attributed to:

  1. Issues with testing and CI checking.
  2. Other commits requiring inclusion in a single release.
  3. By convention, infrequent release of versions.
  4. Other reasons.
    We appreciate your attention to this matter and eagerly await your response. Thank you.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants
@Silence-worker-02 and others