I'd agree. The discussions in Slack and separate user mailing list thread
are a reassurance for users (who read them), but a patch for the current
1.15 branch would seem sensible for people to pick up and assuage any
remaining security concerns they may have around the library.

That leaves 1.16 a little longer to get more good stuff merged in for the
next feature release.


Cheers,

Chris Sampson

On Mon, 13 Dec 2021, 14:19 David Handermann, <[email protected]>
wrote:

> Joe,
>
> Thanks for starting this discussion. Moving forward with a 1.15.1 patch
> release sounds like the best path forward.
>
> Regards,
> David Handermann
>
> On Mon, Dec 13, 2021 at 7:49 AM Joe Witt <[email protected]> wrote:
>
> > Team
> >
> > We still don't think we are vulnerable but this now highly risky library is
> > present. We have PRs to eliminate it/main is fixed. I think we should do
> > a 24 hour 1.15.1 release/vote for it. It will eliminate concerns for
> > users. We are frankly pretty close to a 1.16 release at this point as
> > well it seems but can circle back.
> >
> >
> > Any different views on 1.15.1?
> >
> > Thanks
> >
>
