Y_Y 8 hours ago

> so make sure you're on the latest version of our SDKs.

Probably even safer to not have been on the latest version in the first place.

Or safer again not to use software this vulnerable.

meesles 4 hours ago

As a user of Posthog, this statement is absurd:

> Or safer again not to use software this vulnerable.

Nearly all software you use is susceptible to vulnerabilities, whether it's malicious or enterprise taking away your rights. It's in bad taste to make a comment about "not using software this vulnerable" when the issue was widespread in the ecosystem and the vendor is already being transparent about it. The alternative is you shame them into not sharing this information, and we're all worse for it.

tclancy 7 hours ago

Popularity and vulnerability go hand in hand though. You could be pretty safe by only using packages with zero stars on GitHub, but would you be happy or productive?