Nah, c suite was pretty clearly in the right here. Dude left because he was pissed that a vulnerability got assigned a CVE instead of just… Not informing anyone so they could quietly fix it.
Have you looked into the CVE? Apparently it is a non issue. You could use it to dos a service that have an experimental feature enabled, which is disabled by default, on a non stable Version. I understand the dev. CVE should be for serious issues. And they alerted their users over an email list
It can be used for dos, as it is crashing workers, but they will be restarted anyway.
It’s an experimental feature. It doesn’t need a bugfix release because you’re not supposed to run it in production, and it’s just a DoS, not privilege escalation or something
Nah, c suite was pretty clearly in the right here. Dude left because he was pissed that a vulnerability got assigned a CVE instead of just… Not informing anyone so they could quietly fix it.
Have you looked into the CVE? Apparently it is a non issue. You could use it to dos a service that have an experimental feature enabled, which is disabled by default, on a non stable Version. I understand the dev. CVE should be for serious issues. And they alerted their users over an email list
It can be used for dos, as it is crashing workers, but they will be restarted anyway.
It’s an experimental feature. It doesn’t need a bugfix release because you’re not supposed to run it in production, and it’s just a DoS, not privilege escalation or something