What happened to "connect installation lifecycle security" enforcement?

We had very long thread here about connect installation lifecycle here: Action Required - Atlassian Connect installation lifecycle security improvements

There were tickets created in AMS Jira project. We had few tickets still opened, but they are now closed by Atlassian (enforcement deadline is 1st March). Here is the comment from security team:

Hello, we are closing this issue as the Connect Platform is actively patching this vulnerability.

It is highly advised that you confirm your app is not impacted by reviewing the community thread at: Action Required - Atlassian Connect installation lifecycle security improvements

If you have any questions or concerns, please raise a ticket via the DEVHELP service desk at: Jira Service Management

Thank you.
Atlassian Security Team

I am not sure if I understand it. Are we still supposed to push the security update or connect team has found a workaround internally?

After 1st of March, connect installation lifecycle will be signed asymmetrically only. App will fail to upgrade if it is still expecting a JWT token signed with the old sharedSecret.

Hi @HanjooSong, I set “signed-install”: true and about 2 weeks ago I start facing an issue
AbstractConnectAuthenticationProvider : JWT signature verification failed, so when I ask the client to uninstall and install the addon the issue is resolved.
I am using atlassian-connect-spring-boot.version 2.2.3
how to handle or solve this : “App will fail to upgrade if it is still expecting a JWT token signed with the old sharedSecret.”