Thanks, cschramm. Is it safe for us to publish our fixes, then? Generally we include the CVE ID and a description of the vulnerability in our changelog and publish on CRD.
Since it doesn't sound like there's an official CRD and the vulnerabilities are semi-public, is there any reason we shouldn't publish our packages at this point? If you're not ready for us to make our packages public, can we set a CRD?