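So far, 5.6.0 and 5.6.1 have been found to contain a backdoor.
If you're using either of these versions, you need to downgrade or upgrade.
The problem is that nobody knows how many malicious commits this guy/team made over the past 2 years that haven't been discovered yet.
If that MS guy hadn't been fiddly enough to go troubleshoot why ssh got half a second slower,
this could have been even bigger than Heartbleed back in the day.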
basically
the OG maintainer of liblzma, xz-utils etc. started the project as a hobby; a fuck ton of corporations, open source projects, and every Linux distro used it as a dependency. He was the only maintainer and was under a ton of pressure; he had no help maintaining, no financial help, etc., and was having mental health issues.
You can read the mailing list, it's sad. A person there was brutally rude, telling him to give the project up because he wasn't moving fast enough (which is just insanely out of touch and rude), so he passed it off to the only other person who was committing to the project, and that person slowly introduced commits that very intentionally added a backdoor.