Comment by nicce

4 months ago

It is unfortunate, but somewhere you need to draw the line, if you are planning to stop releases. If they fix this, how about the next? Why fix this one but not the next CVE? Is the reaction the same next time and they end up fixing endlessly?

IMO they should've waited at least a month after updating their README. The timeline is rather short.

It'll be hard to convince people to buy their commercial offering after pulling something like this.

On the other hand, they did the work for free, so it's up to them to decide when to stop doing that. Plus, anyone can fork the repo and maintain their own version with fixes and docker images and everything.