Hacker News new | past | comments | ask | show | jobs | submit login

We did not have any visibility into the process. Overall I think they just didn’t see it as that big of a deal, definitely not big enough to change release schedules for. This got assigned a CVSS score of 6.8, so not Critical or even High severity. Still feels pretty severe to me, but I guess that’s how everyone who discovers an issue like this would feel…

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact