As far as I understand, the meltdown attack is still possible on Haiku (because the kernel is still mapped in memory when userland code is running - supposedly unreachable but that's what meltdown bypasses). It was however an opportunity to review other potential problems, and we found some that were not too hard to fix. They are more direct and obvious attacks where you just make a syscall with a forged pointer value (not pointing to an userland buffer, but to somewhere in the kernel, for example).
Watch the "roadmap": https://dev.haiku-os.org/roadmap
Gerrit was not listed there but my personal opinion is that it is a required tool for sane management of the release process (in fact I started pushing for Gerrit right after the alpha3 release). However it led to https://dev.haiku-os.org/ticket/13937 so we are 1 more bug away from the release now.
Once this and https://dev.haiku-os.org/ticket/11654 are sorted out I think we can start the release process.