Comment by eviks
13 hours ago
> Contracts excluded
They aren't. If you ignore vulnerability report from an entity without a support contract, the vulnerability doesn't disappear just because the entities with support contracts are not aware of it
13 hours ago
> Contracts excluded
They aren't. If you ignore vulnerability report from an entity without a support contract, the vulnerability doesn't disappear just because the entities with support contracts are not aware of it
Curl has a ton of features, I can imagine this means fixing small fraction of the vulns affecting only the supporters.
Why would you imagine they have any clue about the area of effect if they ignore the report?