mkelan
commented
1 year ago We review the critical vulnerabilities periodically and act on them. Depending on whether the vulnerability is applicable to us (based on whether we use that vulnerable code and how that dependency is used etc.) we either fix them or close them (if its not applicable). Also we dont normally back port these vulnerability fixes, its often fixed forward.
There is 20 Critical vulnerabilities in packages right now. This two as example