SQLite Forum

When will/were recent "sqlite3 new security issues CVEs" be addressed?
> CVE-2020-11656 → Use-after-free error on debugging builds only. No impact on release builds. Fix will be part of 3.32.0.

Is this *another* case where you've gotten a CVE for something that was never in a release?  If so, this is *definitively* not acceptable behavior on the part of the security researcher.  Sure, it's nice to know but you don't file a CVE on something that isn't released.

I do think having a table for what the community's response for any particular CVE is would be a great way for the community to socialize what issues it feels are bogus as well as letting people who are consumers of SQLite know what the community feels the right action is.

>> I'm more than happy to write up a guide to help.

I'll be putting something together for this.