Why were the patch versions for CVE-2020-36565 released so late? #2546
We are a research team dedicated to Golang and have discovered that CVE-2020-36565 was addressed in commit 4422e3b. However, upon analyzing the commit, we observed that the patch version (v4.2.0) was released after a lapse of over one month. We are interested in understanding the reasons behind this delay in releasing the patch version, as it could potentially impede the prompt dissemination of patches to downstream users. We seek clarification on whether the delay might be attributed to:
Replies: 1 comment
There were probably already merged PRs in master branch that had minor version change worthy changes. v4.2.0 has a lot of changes https://github.com/labstack/echo/releases/tag/v4.2.0
At that time period Echo was not that actively maintained.