@SoniEx2 @fionafokus The issue with just putting the patches on the internet without any coordination is that anyone reading them might be able to reconstruct an exploit to abuse the vulnerability while server administrators do not have a chance to protect themselves, i.e., because no release is available yet.
Instead, it is good practice to coordinate this process so that the time from the patches becoming public and an update being available is as short as possible.

(Edit: public visibility)