Forced To Pay For Security Fixes?

So my upgrade subscription expired right before 4.4.2 SP2 was released. This release indicates it's a security fix. So let me get this straight, there's a security vulnerability in my software that I have to pay $160 to get the fix for?

http://forum.cs-cart.com/topic/47318-update-critical-vulnerability-in-phpmailer-library-should-be-fixed-asap/

An addon to apply the patch for the most recent security fix is available in the Files area on your helpdesk account. You do NOT need to be current on your update fees to get the addon. The email sent out gives pretty clear instructions as to where to find it.