We found that version 3.5.0.10 was released in Maven, but there was no corresponding tag in github.And this version shows a vulnerability on Maven [CVE-2022-37423] [CVE-2021-42767]
1)What is the reason for tag's absence?
- a、This version code has problems, such as the loophole, compatibility and interface issues, etc.
- b、This version has functional problems, such as unreasonable function planning, basic function cannot be used
- c、Forgot to tag
- d、Don't care or is too trouble
- e、others,_
2) To solve this problem, we propose a method that can find the true commit of version to help developers quickly locate the problem code and fix the bug. Here are the possible true commits given by our method. Can you confirm whether or not the actual commits are included, and if not, which ones?
['e7ec3ab5b6e2f7452fad92d04d8b8a1474040e70', 'ef3974fc072a2582fde944f0c1241e525920d355', '910a73851ded9431473358b1eb0e0229c44e6937']
❤️This question is very important to our research. Thank you for your time!
