Does anyone know any more about this issue?
I looked on 3x different models: DS916+, DS212+ and DS211+, all of them are set to automatically update, and all of them HAD updated to Version: 6.2.4-25556 Update 3, back in January after it WAS published (2022-01-11).
When I looked in Control Panel > Update & Restore, all 3x units showed Status: "Your DSM version is up-to-date".
However, when I followed the release notes link (this is a handy one as it takes you to the model number-specific URL), I found that there were not one but TWO newer updates available, that had security vulnerabilities patched, which for "reasons" have NOT been pushed on the Synology autoupdate servers! Synology_SA_22_02 | Synology Inc. - addressed by U4 Synology_SA_22_03 | Synology Inc. - addressed by U5
I manually downloaded and applied .pat files for U5 for all 3x units and seem to be working ok, but I have no idea WTF Synology support and security team are playing at and why the updates aren't being pushed?
I only discovered SA_22_03 due to a chance read on a random infosec blog - not even a major one.