This is non info. if you search the CVE, first hit is the TOS version that has the patch. If you do not update, fine, your problem. These developers are not the update police. If you do not update, fine, have it your way.
Please stop this useless filling of the forum here.
This topic can be closed.