Ray has released patches for four of the five reported CVEs (CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023) in master and will be part of Ray 2.8.1. The remaining one (CVE-2023-48022), related to lack of authentication built into Ray, is a design decision based on how security boundaries are drawn and consistent with best practices. Ray's security boundary is outside the cluster, so it does not consider this bug a vulnerability or even a bug. However, they recognize its potential value in defense-in-depth strategy and plan to implement authentication as a new feature in a future release.