It is important to recognize the role of Zebra node implementation and its use in block miner workflows. The following statement assumes zcashd is the only mining node and that security vulnerability fixes may not be shared with partners ahead of coordinated releases.

"In the case of a counterfeiting bug, however, just like in CVE-2019-7167, we might decide not to include those details with our reports to partners ahead of coordinated release, so long as we are sure that they are vulnerable."
https://github.com/zcash/zcash/blob/master/SECURITY.md

Describe the solution you'd like

Come up with a plan to coordinate security fixes and deployments with partners with nodes present in the mining operations, exchanges, and end-user applications alike.

Additional context

This issue was identified during the discussions around updating ZIP 0 process updates by @daira