Good Day! I’m running 8.5.9 and trying to apply the subject security patch. When I click the download on the concretecms.org page it downloads a zipped file named 8.5.11
Using the Manual Dashboard method which I am very comfortable using, I successfully move the concrete folder to my Updates Folder.
LOading my Dashboard Apply Update reveals update to 9.1.3 which I am not ready to install. Is this update only for 9.1? or am I doing something wrong?
Thank ypou for your assistance.
Joe
There are other inconsistencies with the current downloads and release notes. Unless you have an urgent need to update, I would leave it a few days for the situation to become clearer.
Thank you! Some of the users to my website have reported some malware incidents and I was excited to apply this. I’ll be patient. 
What are “inconsistencies with the current downloads and release notes” ?
I tried a composer u concrete5/core on a 8.5.9 project wich gives me 8.5.10. It seems like 8.5.“11” is a typo. The release notes state 8.5.10.
The api documentation (https://documentation.concretecms.org/api) lists 8.5.9 and 9.1.1 as newest versions so that is further behind.
But is it just a typo? Are you absolutely certain?
Hence I am waiting until such are fully clarified before updating anything other than a dev site.
I am not absolutely certain. How could i be?
That’s why i wrote “it seems like”
Strangely the 8.5.10 composer package was added a week ago. Before the security-post.