How can we see the details of the security fixes? All I see in the Jira issues are references to “SSF-” numbers, but I don’t see how to trace this to CVE’s or anything describing severity or impact.
We’ve added, with a bit of delay, severity estimates (revised CVSS) to these tickets to help you decide if you want to upgrade right away.
According to our disclosure practices, we’ll share more details about the fixed vulnerabilities 90 days after the release to give everyone time to upgrade.