Open source means you can make modifications. Can't code - help with debugging. Can't debug - write documentation. I would understand if said Alibaba engineer would urge to REVIEW and MERGE his urgent fix. But no, someone else must find it, fix it and test it. Open source is not broken, some people are.
Programming languages enthusiast. Author of Learn Type Driven Development: https://www.packtpub.com/application-development/learn-type-driven-development
Yeah the thing is, if there had been no patch, we would all still be able to do the mitigation of deleting the JndiLookup.class file from production JARs to stop this attack. So what did all this pressure on the maintainers achieve? A bunch of people upgrading, and many complaining. 🤷‍♂️