why no backport of security fix to 1.22? #5367
-
There was a recent security vulnerability GHSA-7rrj-xr53-82p7 which has been fixed in 1.23.1, 1.20.3, and 1.18.4. Does anyone know why there is no fix for 1.22? Normally I would just upgrade to the very latest, but due to the build-breaking removal of the |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 6 replies
-
This tracks our LTS policy documented here: https://github.com/tokio-rs/tokio/#bug-patching-policy. If you need to stay on an older version, I recommend using |
Beta Was this translation helpful? Give feedback.
-
If I put up a PR patching the fix to 1.22 would it be rejected? |
Beta Was this translation helpful? Give feedback.
This tracks our LTS policy documented here: https://github.com/tokio-rs/tokio/#bug-patching-policy. If you need to stay on an older version, I recommend using
1.20.x