On Wed, Nov 20, 2024 at 09:49:27PM -0500, Jonathan Katz wrote: > That said, while it's certainly advisable to upgrade based on having CVEs in > a release, many upgrade patterns are determined by the CVE score[2]. For > example, a HIGH score (7.0 - 8.9 - our highest for this release was 8.8; 3 > of them were less than 5.0) often dictates upgrading within 14-30 days of > announcing the CVE, and lower scores having more time. This could be why > people didn't complain, particularly because we got the announcement out 36 > hours after the release, and stated the updates would be available within > the next week.
Makes sense. This is the discussion I wanted to have. Thanks. -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com When a patient asks the doctor, "Am I going to die?", he means "Am I going to die soon?"
