Need for release to incorporate vulnerability fixes

[paulteehan]

Hello, your Python library is currently at v.1.9.0 which includes 4 critical vulnerabilities originating from the Go binary, originally raised here: #3768

From what I can tell, you've already patched and fixed this issue on the main branch, but you haven't yet cut a release to distribute an updated library.

Our product which uses your library is being flagged by some of our customers' CI tooling due to these vulnerabilities. Would you be able to communicate your planned schedule for the next release, so that we can plan accordingly? And if there is any possibility of accelerating your release schedule to clear these CI errors we'd greatly appreciate it. Thanks

[lidavidm]

I can't make any promises. My current goal is to get it done sometime this month, ideally in the next couple weeks. Originally I wanted to cut a release every 6 weeks, but with the limited resources I have, I'd say you should expect more like 12 weeks.

[paulteehan]

Thank you, I hugely appreciate the prompt reply, that gives me the clarity I need. I wish I was in a position to volunteer and help you out, thank you for working on this.

[lidavidm]

I actually managed to put the next release up for confirmation today; if all goes well it should be available at the end of the week.

[paulteehan]

Oh wonderful that's great news, thank you!

[lidavidm]

Wheels are uploaded.

[paulteehan]

Thank you so much, hugely appreaciated!!!