Hello, we are a research team working on Golang. During our investigation, we found CVE-2021-28484 was addressed in commit 82bdf202c53460bac9106cc9b4b34a0a16cae0ed. However, we noticed that the patch version (v3.0.1) was released after long time (30 days). We are curious about the reasons behind the delayed release of the patch version, as it may hinder the efficient distribution of patches to downstream users. Could the reason be
1.Issues with testing and CI checking.
2.Other commits have to be incorporated into one release.
3.By convention, versions are not frequently released.
4.Other reasons.
Thank you for your attention, and we look forward to receiving your reply.
Hello, we are a research team working on Golang. During our investigation, we found CVE-2021-28484 was addressed in commit 82bdf202c53460bac9106cc9b4b34a0a16cae0ed. However, we noticed that the patch version (v3.0.1) was released after long time (30 days). We are curious about the reasons behind the delayed release of the patch version, as it may hinder the efficient distribution of patches to downstream users. Could the reason be
1.Issues with testing and CI checking.
2.Other commits have to be incorporated into one release.
3.By convention, versions are not frequently released.
4.Other reasons.
Thank you for your attention, and we look forward to receiving your reply.