Except most of the attacks so far has not landed actually source code changes to git IIRC. They have targeting the release files directly.
replySoftware vulnerabilities are often not placed maliciously, and are present in the original source. If you don't patch them if discovered later, you'll be vulnerable to them.
reply