Yes, that is correct. The Jenkins security officer has said:
Instead of announcing a continuous flow of non-impacting vulnerabilities, our approach is to publish information only for those that we consider interesting, like critical score, widely spread, etc.
For them you will find an article in our blog, like: Log4Shell or SpringShell.