[keycloak-dev] CVE-2019-3875 and handling of security issues

Dear devs, is the CVE-2019-3875 <https://www.cvedetails.com/cve/CVE-2019-3875/> fixed already? Also CVE-2019-10157 <https://www.cvedetails.com/cve/CVE-2019-10157/> seems to be still unresolved. When do you plan to release 6.0.2 including the fixes? Is there a place to get more information about upcoming releases? I have access to https://issues.jboss.org/projects/KEYCLOAK?selectedItem=com.atlassian.jira.j ira-projects-plugin%3Arelease-page <https://issues.jboss.org/projects/KEYCLOAK?selectedItem=com.atlassian.jira. jira-projects-plugin%3Arelease-page&status=no-filter> &status=no-filter but there are no release dates fixed. Especially with open security issues I would appreciate quick bugfix releases. Or is it something that is only expectable from RH-SSO and not from Keycloak? Best regards, Sebastian