@witekbedyk the .changes are reporting some removed CVEs from what I can see. If it's expected (see discussion from this morning) I think it's better to mention this somewhere or when we will submit bot/autobuild will decline
The removals result in most of the cases from the fact that the same CVEs have been referenced multiple times for different stable branches.
In one case the CVE was affecting Grafana Enterprise only and should not get listed in the first place.
What would be the right place to mention these removals? The changelog itself?
@witekbedyk the .changes are reporting some removed CVEs from what I can see. If it's expected (see discussion from this morning) I think it's better to mention this somewhere or when we will submit bot/autobuild will decline
The removals result in most of the cases from the fact that the same CVEs have been referenced multiple times for different stable branches.
In one case the CVE was affecting Grafana Enterprise only and should not get listed in the first place.
What would be the right place to mention these removals? The changelog itself?
I think it could be something to add in the SR message. so at least people making a review will understand what is going on