When releasing ACS we bump the latest vulnerability schema to the latest release tag. When the release tag is not published, we fallback to RC, which allow the release candidates to pull vulns when performing tests and validations.

But when doing so we are effectively changing the production bundle to be built on RC-based code.

Although this is not generally an issue (because bundles are backward compatible), if we submit a change to the release branch that is backward incompatible (by mistake, by lack of knowledge, etc), we can impact production environments.

The goal of this task is to revisit this decision and try to mitigate this risk.