Hello Werner,
Thank you for the insight about the "..." and tags.
I arrived at the conclusion because I was expecting a mention of CVE-2022-27404
and the change that fixed it. But it wasn't there. Looking at the docs/CHANGES,
there was a mention of a CVE-2018-25032, which made me think that
> I arrived at the conclusion because I was expecting a mention of
> CVE-2022-27404 and the change that fixed it. [...]
Thanks for the explanation. We usually don't mention CVEs in release
messages except someone explicitly tells us. In most cases CVEs are
made public much later than the
> Can you confirm which or if all the following fixes/patches/commits
> that resolve issues and CVE's below are incorporate into latest
> available version, 2.12.1? [...]
They are, because...
> I see that version 2.12.1 was release 1 month ago [...] and that
> these fixes were committed 3