whenever Osisoft identifies security issues on PI / PI AF, they deliver fixes through the next release of these applications.
This is not convenient as upgrading to a new release is a risk that we don't like to be forced to take and has a cost (we manage about 40 PI servers WW under different versions).
We would rather appreciate to have patches applicable to our versions of PI. This is what software vendors usually do.
Could you please consider managing your future security patches this way?