https://rancher.com/ logo
Title
e

enough-pencil-16731

04/05/2023, 10:12 AM
I see https://github.com/rancher/rancher/pull/40954 resolves a "high severity" security issue in a dependency, is there a way to get this addressed quicker (not sure who to mention on this issue)?
c

creamy-pencil-82913

04/05/2023, 10:14 AM
The teams are currently finalizing the 2.7.2 release. Everything going into that release has been locked in for well over a month at this point. I imagine this will get picked up after the release is done.
e

enough-pencil-16731

04/11/2023, 7:49 AM
Thanks for your response! I understand, that you want to ship it. I wonder if the release process has a step address open security vulnerabilities?
c

creamy-pencil-82913

04/11/2023, 9:22 AM
Speaking generally - not during release, no. That would be way too late. That happens during planning for next cycle. If there is something critical there will be a very short unplanned cycle of planning followed by release.