Why were the patch versions for CVE-2021-23772 released so late? #2283
Unanswered
Silence-worker-02
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We are a research team dedicated to Golang, have discovered that CVE-2021-23772 was addressed in commit e213dba. However, upon analyzing the commit, we observed that the patch version (v12.2.0-alpha8) was released after a lapse of over one month. We are interested in understanding the reasons behind this delay in releasing the patch version, as it could potentially impede the prompt dissemination of patches to downstream users. We seek clarification on whether the delay might be attributed to:
We appreciate your attention to this matter and eagerly await your response. Thank you.
Beta Was this translation helpful? Give feedback.
All reactions