2023-11-29, 09:58 PM
(This post was last modified: 2023-11-29, 10:03 PM by joshuaboniface. Edited 1 time in total.)
(2023-11-29, 02:53 PM)Connected3809 Wrote: Besides, there is an undisclosed CVE being patched, no way I'm going to just "Run Anyway" on this, I feel that would be incredibly foolish.
I have to say, that seems like a weird roundabout take. You're concerned about bypassing SmartScreen's very-likely-false-positive warning, because this is a patch to a security issue that isn't public, and therefore the code might be a security issue? You're free to review the patches and code that changed, it's in the release notes linked in the first post.
What we have not released are the full details of the security threats that necessitated these patches. Those will come on the 5th. And the reason we don't release the details immediately is quite simple: the last time we did so, people got very upset with us because they did not have time to patch their servers before the full details were released into the wild. And frankly, I agree with that; we don't want to be like some (most?) projects that will throw our users to the wolves with zero time between publishing a patch and publishing the full details of the vulnerability. So, for these and all future security issues, we will wait (roughly) one week to give everyone ample time to update before we publicly disclose them. If you disagree with that, then suit yourself; we're damned if we do and damned if we don't, so we'll err on the side of "wait a bit first".