I see that at
https://cloud.google.com/sql/docs/mysql/release-notes MySQL 5.7.25 just became available, but that version is well over a year old, and there have been several CVEs fixed between 5.7.25 and the current version 5.7.30.
How come? is it:
a) Google Cloud SQL is just behind, and thus vulnerable to all those CVEs?
b) someone on the Google Cloud SQL team evaluated all those CVEs and decided they didn't apply to Google Cloud SQL?
c) is the Google Cloud team making a fork of the real MySQL 5.7.25 and patching it up with the fixes for those CVEs, without increasing the version number, the way the Ubuntu team does sometimes for their packages?