Content Deep Dive
Replicated's Response to CVE-2024-3094, aka the backdoor in xz library
Blog post from Replicated
Post Details
Author: Andrew Storms
Word Count: 333
Summary
On March 29, 2024, a security vulnerability was discovered in the xz/liblzma package, introducing a potential backdoor affecting SSH and prompting Replicated to conduct a risk assessment. Their initial analysis showed no impact on their products, which receive regular updates based on Wolfi images, but they decided to proactively update their software after further information emerged. By April 3, 2024, Replicated had released an updated version of KOTS that excludes the vulnerable xz library. The company continues to monitor the situation and encourages customers to contact them with concerns.