Hi Bricks Team,
saw the email and the notice, but its rather cryptic. You urge users to update ‘within 24hrs’ but do not list the type of vulnerability. If this is a big exploit that should be documented! That can allow admins to judge the vuln based on their config rather than just the email itself and ‘is important’.
Would you mind adding some details as its customary after a patch has been released? I find it concerning that this is only an email and not designated in the update itself.
Thank you in advance,
Sebastian
Run a diff. Then keep it to yourself.
1 Like
The vulnerability details haven’t been fully disclosed yet and that’s to allow people time to update prior to the disclosure so that it is less likely any sites would be affected. Best to update ASAP, don’t take chances with security. It’s a “remote execution” vulnerability style is all we know so far.
Thanks for the info. While I certainly can understand a ‘lead-time’ (once its been patched its patched), generally this should be handled differently. But who am I, but a lowly web dev… And I appreciate your reply