zlacker

1. flamin+(OP) 2025-12-05 16:58:22
Do you have a public source about an embargo period for this one? I wasn't able to find one.
replies(2): >>Pharao+g8 >>charci+Zb
2. Pharao+g8 2025-12-05 17:33:08
>>flamin+(OP)
https://react.dev/blog/2025/12/03/critical-security-vulnerab...

Privately Disclosed: Nov 29
Fix pushed: Dec 1
Publicly disclosed: Dec 3

replies(1): >>drysar+n9
3. drysar+n9 2025-12-05 17:38:43
>>Pharao+g8
Then even in the worst-case scenario, they were addressing this issue two days after it was publicly disclosed. So this wasn't a "rush to fix the zero day ASAP" scenario, which makes it harder to justify ignoring errors that started occurring in a small-scale rollout.
4. charci+Zb 2025-12-05 17:49:51
>>flamin+(OP)
Considering there were patched libraries at the time of disclosure, those libraries' authors must have been informed ahead of time.