That’s not a disclosure. That’s a non-info. All you say is the same thing the changelog said and neither of them have any useful info for an administrator to see if they might have been attacked in the past, nor to see if your fix missed something since we both know Plex never fixes anything.
Who reported the vulnerability, and when will further details be disclosed?
Not Plex, but common practice is to await until people had a fair chance to upgrade, before providing more details!
No, actually, common practice is to not provide any details until people have had a chance to upgrade. Common practice is also to list the embargo date on announcements so that people know in advance when details will be released. Common practice is not to pretend that a one-line changelog entry is a vuln disclosure.
PS people have had over a week to upgrade. It’s spelled “wait”, by the way.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
