I haven't updated mine. I have a firewall and it's not exposed to the Internet. Need a key to SSH in. Same with my public facing server. Almost none of these exploits are "drop everything now and patch" unless you are somehow exposing yourself stupidly.
I understand where you're coming from, it's no reason to panic.
But this kind of thinking can be dangerous because it implies that your systems don't talk to the outside world at all, which they obviously do. I mean a very glaring example is container images, so it definitely takes more than a firewall and ssh keys to stay safe in general.
> unless you are somehow exposing yourself stupidly
Or, y'know, offer some forms of compute as a service.
If you’re running any sort of CI you’re probably going to have a bad couple of days if everything goes well
To be honest, CI has always been a massive risk, I'm a bit miffed at how blasé some people are about providing runners.
unless you run pinned CI runners on hardware you control