Exactly, the two statements aren’t contradictory. The fix was super simple, and Filippo (whom I don’t know personally) just went ahead and did it.
Also, bringing up Project Zero’s 30-day disclosure policy while complaining about someone sharing what they thought was a vulnerability report for visibility feels off. If it’s not a security issue, then there’s no reason it needs to be kept quiet. Grow up.
Also, bringing up Project Zero’s 30-day disclosure policy while complaining about someone sharing what they thought was a vulnerability report for visibility feels off. If it’s not a security issue, then there’s no reason it needs to be kept quiet. Grow up.
Let’s not turn harmless fixes into drama.