Why were the patch versions for vulnerability (Snyk ID: SNYK-GOLANG-GITHUBCOMCOCKROACHDBCOCKROACHPKGSERVER-1909511) released so late? #107600
Unanswered
Silence-worker-02
asked this question in
Q&A
Replies: 0 comments
Hello, we are a research team working on Golang. During our investigation, we found that the vulnerability (https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCOCKROACHDBCOCKROACHPKGSERVER-1909511) was addressed in commit e7ee6e2. However, we noticed that the patch version was released after a year (36 days). We are curious about the reasons behind the delayed release of the patch version, as it may hinder the efficient distribution of patches to downstream users. Could the reason be:
1. Issues with testing and CI checking.
2. Other commits have to be incorporated into one release.
3. By convention, versions are not frequently released.
4. Other reasons.
Thank you for your attention, and we look forward to receiving your reply.