Version caveats
Version comparison is a triage aid, not final affected-status proof.
Vendor ranges vary
Inclusive bounds, train-specific fixes, cloud-managed services, hotfixes, and appliance builds can make simple range checks incomplete.
Backports are common
Linux distributions and vendors may patch without changing the upstream version string. Confirm package release, build metadata, and advisory notes.
Exposure needs context
A vulnerable version still needs product, feature, reachability, configuration, and owner validation before assigning risk or closing work.