A device on 14.4 or 14.4.1 is not under active exploit and the 14.5 does not contain fixes for active exploit.
However a device on 14.3 had active exploits that were fixed on 14.4. Since 14.5 is considered a "cumulative" update, this implies the device is currently under active exploits. The logic should be calculated to address this.
This was the intent of https://github.com/macadmins/nudge/issues/610
Ex: An admin sets "latest" which enforces 14.5.
A device on 14.4 or 14.4.1 is not under active exploit and the 14.5 does not contain fixes for active exploit.
However a device on 14.3 had active exploits that were fixed on 14.4. Since 14.5 is considered a "cumulative" update, this implies the device is currently under active exploits. The logic should be calculated to address this.