I see https://github.com/rancher/rancher/pull/40954 resolves a "high severity" security issue in a dependency, is there a way to get this addressed quicker (not sure who to mention on this issue)?
c
creamy-pencil-82913
04/05/2023, 10:14 AM
The teams are currently finalizing the 2.7.2 release. Everything going into that release has been locked in for well over a month at this point. I imagine this will get picked up after the release is done.
e
enough-pencil-16731
04/11/2023, 7:49 AM
Thanks for your response! I understand, that you want to ship it. I wonder if the release process has a step address open security vulnerabilities?
c
creamy-pencil-82913
04/11/2023, 9:22 AM
Speaking generally - not during release, no. That would be way too late. That happens during planning for next cycle. If there is something critical there will be a very short unplanned cycle of planning followed by release.