It’s not surprising that a major security vulnerability is once again caused by maintainer burnout and someone stepping in to take over. We’ve all been talking about that risk for years. Sadly it’s also unsurprising that OSS teams still are going to need to plead with management to stay funded, and paid OSS maintainers will still do unpaid overtime to work with volunteers. 🙃.