I’m sorry if I’ve given the impression that sticking with older versions of a plugin is a good look for ClassicPress. That was certainly not my intention. I agree that it does not look good and I also agree that, in the real world, it may not always be practicable, for any number of reasons.
But I do still believe that in certain scenarios, it is the sensible and sometimes only thing to do, though mostly on a short-term basis. It is a potential, temporary solution to address an immediate issue. I am not recommending it as a long-term policy.
In many ways, in terms of security, it is little different than using plugins that have been abandoned or that have not been updated in 8 years (yes, there are some) and yet many of us do this.
Maybe I was a bit flippant for saying what I said, and I apologise for that, but the point I was trying to make is that it is not uncommon for updates to bring new problems, including security holes. And in some cases, as we are finding more and more, there is simply no other option than to stick with an older version.
But putting all that aside, the main message I want to make is this:
It is known there is a problem, but action is being taken to address this.
I’m sorry if anything else that I’ve said may have diluted this message.
In the meantime, see @james’ comments above.