We do a beta bump for a high severity CVE shortly after the fix is released, but we missed to do that for the last CVE (CVE-2022-31096). We released 2.9.0.beta6 last week (Thursday) so this should be resolved now.