We had very long thread here about connect installation lifecycle here: Action Required - Atlassian Connect installation lifecycle security improvements
There were tickets created in AMS Jira project. We had few tickets still opened, but they are now closed by Atlassian (enforcement deadline is 1st March). Here is the comment from security team:
Hello, we are closing this issue as the Connect Platform is actively patching this vulnerability.
It is highly advised that you confirm your app is not impacted by reviewing the community thread at: Action Required - Atlassian Connect installation lifecycle security improvements
If you have any questions or concerns, please raise a ticket via the DEVHELP service desk at: Jira Service Management
Thank you.
Atlassian Security Team
I am not sure if I understand it. Are we still supposed to push the security update or connect team has found a workaround internally?