@swapgs Yeah that CVE *is* referenced in joernchen's post, but the issue shown on the photo doesn't reference a CVE or a GitLab release, so it's hard to map. I also think the quoted part is just wrong, as the photo also shows an excerpt about Devfile and Ruby...