@Bindestriche @wjmaggos A good example of this: Matrix still hasn't rolled out fixes to all the Nebuchadnezzar vulnerabilities (homeservers control group membership and can add/remove members at will): https://nebuchadnezzar-megolm.github.io/

This is in part because fixing anything in a decentralized system is hard! Fixing these required, AIUI, a protocol change, which is a nightmare when you don't control all the servers and clients.