* They were trying to intentionally hide this change to spite you
* They were avoiding unintentional disclosure of the attack vector for this vulnerability (indeed, none of the CVEs that I could find for this month's Adobe Flash update describe the attack)
* The security hand didn't talk to the changelog hand
* The security team worked independently of the perf team, and perhaps this case wasn't thoroughly tested or the regression not detected
And so on, and so forth. Let's be honest, there are lots of reasons we can imagine why Adobe did this, but imagining things doesn't make them true.
It doesn't matter whether it's ignorance or malice. I don't have to imagine anything, because what I care about is whether changes that affect me are in the changelogs.
Here are a few options:
* They were trying to intentionally hide this change to spite you * They were avoiding unintentional disclosure of the attack vector for this vulnerability (indeed, none of the CVEs that I could find for this month's Adobe Flash update describe the attack) * The security hand didn't talk to the changelog hand * The security team worked independently of the perf team, and perhaps this case wasn't thoroughly tested or the regression not detected
And so on, and so forth. Let's be honest, there are lots of reasons we can imagine why Adobe did this, but imagining things doesn't make them true.