they have a terrible release "process" that seems to not include testing
I wouldn't say they have no testing process at all but it seems to me that they lack discipline when it comes to building releases and testing. I've seen releases that had debug-by-logging type code left in spamming the VM logs as well as breakage in what most would consider very common host + guest combinations.
It's a shame that Oracle doesn't seem to care much about the overall quality of that product. I guess we should be happy Oracle cares enough to still develop it. :-/
Edit: And right now - VirtualBox is still not offering v7.1.8 inside the GUI app and there is no mention of this CVE in the 7.1.8 change logs.
Yeah when I checked for updates in the GUI it found nothing. Had to download manually. Though actually I didn't update the extension pack. Doubt it'd help but I should check.
It's a shame that Oracle doesn't seem to care much about the overall quality of that product. I guess we should be happy Oracle cares enough to still develop it. :-/
Edit: And right now - VirtualBox is still not offering v7.1.8 inside the GUI app and there is no mention of this CVE in the 7.1.8 change logs.