Indeed, good point, it wasn't handled properly. It's mandatory to create a forum post, but for some reason it wasn't done in this case, sorry about that.
Well, this is not enough, it needs to be done officially in Release and security announcements section, like we've done previously Security Advisory 2022-10-17-1 - Multiple issues in mac80211 and cfg80211 (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722).
The procedure is hopefully more clear now https://openwrt.org/docs/guide-developer/security_incidents_response