I don't think vendors should bundle security updates and large software releases together.
Apple has just released macOS 15.1, iOS 15.1 and iPadOS 15.1. The main new feature being Apple Intelligence. But this release also comes with a number of security patches, with at least one rated Critical (https://support.apple.com/en-us/121564 and https://support.apple.com/en-us/103161)
This is not only Apple. Microsoft does the same thing.
Many companies might want to wait to see how Apple Intelligence, or Microsoft Copilot, fares before deploying them. And many simply wait before a major release (macOS 15 broke a bunch of security products, for example).
This creates a situation in which security patches are held hostage and can't be applied quickly because they have been bundled with large new features. And I don't think it's a good situation.
What do you think? Should security and new features/major releases be released separately? Please let me know in the comments.