Some vulnerabilites disclosed in 2014 still not resolved

It is quite disheartening to see that a good number of issues related to security vulnerabilities, some of which have an assigned CVE have not been taken seriously.

These should have been fixed within a couple weeks of their disclosure, yet they have not been fixed. They should have been given priority. Considering this software is used in actual clinics, this should be fixed ASAP.

I am posting this publicly in the hopes that it lights a fire that triggers action.