I'm not sure if this is the correct place to make this inquiry, so if this is the wrong place, I apologize in advance.
I am trying to understand how a particular commit will make it into an official release of BusyBox. The commit f25d254dfd4243698c31a4f3153d4ac72aa9e9bd<https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd> fixes security vulnerability CVE-2021-28831<https://nvd.nist.gov/vuln/detail/CVE-2021-28831>. However, this change has yet to make it into an official (preferably stable) release. My company has pretty strict security guidelines that require any identified vulnerability over a CVSS 4.0 to be fixed within 90 days or we need to obtain a security exception. In this case, BusyBox is being pulled in by the Graphite Exporter docker image for our Cloud deployment. So, the commit needs to become available to be pulled into the Graphite Exporter docker image. If this inquiry needs to be made in another fashion, please let me know. Thanks, Tim Mousaw
_______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
