The process is to address the CVE in stx master first and then cherrypick to the r/stx.4.0 release branch after some soak time
The process is to address the CVE in stx master first and then cherrypick to the r/stx.4.0 release branch after some soak time