vuln CVE-2021-26084 effect a lot, I think is better to improve the method for warning the app admin when new vuln in futre.
As the notice email, a mail without any flag or important label, is really esay to ignor that because of receive a lot of marketing email from extenal domain. Is beeter to place a label or add like [IMPORTANT!!!!!!!} in subject.
As in admin web page, Is good if add a pop-up window when admin loged in. this window only triger by a update was found with a high level security fix.