there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I’d like to release a hotfix 3.8.5 on Monday.
Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it.
If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST.