$ wdiff -n -3 first latest
======================================================================
[-Docker 0-Day Stopped Cold by-] SELinux
======================================================================
SELinux {+Mitigates docker exec Vulnerability+}
======================================================================
Fixed packages [-have been-] {+are being+} prepared and shipped for RHEL
======================================================================
[-Centos.-] {+CentOS.+}
======================================================================
[-Stopping 0-Days with-] SELinux
======================================================================
SELinux {+Reduces Vulnerability+}
======================================================================
[-How about a more visually enticing demo? Check out this animation:-]
======================================================================
we were glad to see that our customers were [-safe-] {+safer+} if running containers with setenforce 1
======================================================================
{+Even with SELinux in enforcement, select information could be leaked, so it is recommended that users patch to fully remediate the issue.+}
{++}
{+This post has been updated to better reflect SELinux’s impact on the Docker exec vulnerability and the changing threat landscape facing Linux containers.+}
======================================================================
I'm not sure that first post's version can be considered as recommendation to not upgrade. It just shows how RedHat people was happy to see that bug was prevented by another subsystem. Me, as a sysadmin, would be happy to to know that I'm not obligated to upgrade urgently everything I have. For most sysadmins it can be considered as a workaround, already engaged. sudo sh -c "cat foobar.img > /dev/sdi"
or sudo -s "cat foobar.img > /dev/sdi" * Hash improvements via better locality for modern CPUs
* #max and #min without temporary array
* Speed up instance variable access