These 2 vulnerabilities (here for more detail) affected only our public-facing marketing site, https://retool.com, but not the Retool Platform (the actual product customers use - on cloud or self hosted, or Retool managed self hosted or Bring your own cloud).
So customer applications and data were never at risk from these CVEs.
Only our marketing website was theoretically vulnerable but that was protected before anyone could exploit it.