cp9|2 years ago
My understanding matches yours. I don't think this article is particularly clear about why Rapid7 would threaten to disclose a vulnerability before a patch is ready and then subsequently get angry that JetBrains put out a patch to fix the issue.
ziddoap|2 years ago
They are angry that it was a _silent_ patch. The whole issue revolves around the _silent_ part.
More on why Rapid7 doesn't like silent patching here: https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-...