Comment by computerfan494
14 hours ago
That's a good question. I suppose that posting the commit makes it incredibly obvious how to exploit the issue, so maybe they wanted to wait a little bit longer for their on-prem users who were slow to patch?
14 hours ago
That's a good question. I suppose that posting the commit makes it incredibly obvious how to exploit the issue, so maybe they wanted to wait a little bit longer for their on-prem users who were slow to patch?
Posting the CVE and then the patch is the reverse of this.
By "patch" I am talking about the public commit. Updated binaries were made available when the CVE was published.