Y
Hacker News
new
|
ask
|
show
|
jobs
by
computerfan494
169 days ago
That's a good question. I suppose that posting the commit makes it incredibly obvious how to exploit the issue, so maybe they wanted to wait a little bit longer for their on-prem users who were slow to patch?
1 comments
philipwhiuk
169 days ago
Posting the CVE and then the patch is the reverse of this.
link
computerfan494
169 days ago
By "patch" I am talking about the public commit. Updated binaries were made available when the CVE was published.
link
philipwhiuk
163 days ago
That's not what the blog post implies given they only told people how to update aftwards.
link