It's under "Vendor Advisory", so I'm guessing it's that they fixed it, but never informed any OpenCode users that there was a massive security vulnerability.