Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why were the patch versions for vulnerability (snky id: SNYK-GOLANG-GITHUBCOMLIBOPENSTORAGEOPENSTORAGEAPISERVER-565845) released so late? #2302

Open
Silence-worker-02 opened this issue Jul 26, 2023 · 0 comments

Comments

@Silence-worker-02
Copy link

Hello, we are a research team working on Golang. During our investigation, we found vulnerability (https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMLIBOPENSTORAGEOPENSTORAGEAPISERVER-565845) was addressed in commit 9db49f2. However, we noticed that the patch version was released after long time (337 days). We are curious about the reasons behind the delayed release of the patch version, as it may hinder the efficient distribution of patches to downstream users. Could the reason be

1.Issues with testing and CI checking.

2.Other commits have to be incorporated into one release.

3.By convention, versions are not frequently released.

4.Other reasons.

Thank you for your attention, and we look forward to receiving your reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant