Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"I've only received one response last Thursday that someone would look into it, but the issue seemed to die there."

I am not clear here where the 24 hours starts.



I'm guessing 24 hours from now.


We'll push this fix to 2-3-stable and master now as the 'damage is done' in terms of disclosure.

The timeframe for the 2.3.3 point release is hopefully 'this week'. We're just waiting on a few other things to fall into place.


If you're trying to convince your community that it's better to work through your process, letting nebulous "other things" continue holding up a week-old one-line fix to a catastrophic security flaw is not helping. Disclosure enables everyone else to work around the problem now.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: