Hey guys.
So roughly 1 month ago you released a 4.24.2
and gave us a “general” warning.
Today some more information came through about the CVEs that were fixed with 4.24.2.
To me this is not really satisfying and far away from transparent.
How do the CVEs affect my Strapi application?
The explanation of the first CVE: I get it, only an issue for users that are already in Strapi Admin (for many of us this might not be a “real” issue).
However, both of the other CVEs are kind of vague.
You need to be more transparent and need to clearly state how CVEs impact Strapi users, because I get mail-bombed and called by customers that demand an ASAP upgrade; however, for some cases these CVEs are not a problem for me and, even worse, things in Strapi still change too much to just “do an update” without intensive regression testing.
I can’t imagine how it must be to have “bigger customers” that pay “bigger prices” and stress out the developers even more about updating.
And sadly, to me, it’s always close to a big version jump when suddenly there are “serious security warnings” and after some more digging you realize, whoops, not really that much of an issue.
Maybe the community can help me/others with the 3 CVEs? (Until Strapi officially announces them, outside of e-mails or Discord, I won’t include the exact CVEs.)
I hope Strapi will get more serious, more transparent and more “grown up” (or at least realize that the people that still love Strapi are the ones that fight at the frontlines with Strapi as a tool, not as an enemy).
Cheers,
Olaf