Comment by computerfan494
1 month ago
That's a good question. I suppose that posting the commit makes it incredibly obvious how to exploit the issue, so maybe they wanted to wait a little bit longer for their on-prem users who were slow to patch?
1 month ago
That's a good question. I suppose that posting the commit makes it incredibly obvious how to exploit the issue, so maybe they wanted to wait a little bit longer for their on-prem users who were slow to patch?
Posting the CVE and then the patch is the reverse of this.
By "patch" I am talking about the public commit. Updated binaries were made available when the CVE was published.
That's not what the blog post implies given they only told people how to update aftwards.