Comment by AlexErrant
Comment by AlexErrant 2 days ago
The disclosure timeline is concerning.
Reported 2025-11-17, and multiple "no responses" after repeated attempts to contact the maintainers... not a good look.
Comment by AlexErrant 2 days ago
The disclosure timeline is concerning.
Reported 2025-11-17, and multiple "no responses" after repeated attempts to contact the maintainers... not a good look.
Keeping the rce as vendor advisement tells you everything you need to know on how serious they are about the security of their users.
hey man, chill out.
everybody is vibecoding now, and dealing with massive security issues is bad vibes.
it looks like opencode developers now try to take it seriously:
https://github.com/anomalyco/opencode/issues/6355#issuecomme...