For some unknown reason, Randy's message was filtered to spam and i missed it. Else, would have replied before submitting the patch for kirkstone.

I did stat my own investigations and reasons for the upgrade -> https://lists.openembedded.org/g/openembedded-core/message/203703

However, if you still feel, i should be avoiding the upgrade for wpa-supplicant, let me know, i would submit CVE patch for the issues needed.

Regards,