Notice no.: IN-119, rev. 1.0.1

Received the IN-119 notice, and it says:

All users are recommended to use the latest release of BLE protocol stack software for product development. All BLE protocol stacks from Nordic Semiconductor released after July 2016 are not affected by this vulnerability.

Could someone clarify which versions are acceptable, instead of going by date? It looks like SDK 12.2 might be covered, so everything after that should be unaffected?