Nope. Security vulns are not regressions!

And how do you qualify "Meltdown" and it's notorious bad fix "Total Meltdown" in that case ?

To me, the bug fix introduced a clear regression, allowing an even more powerful vuln in the process.

I’m confused what do you mean? Fixing security vulns can often times lead to regressions since overtime users become dependent on a behavior that relies on a insecure behavior.

Secure behaviors should generally trump API guarantees.

Your parent comment didn't say security fixes couldn't lead to regressions, they said security vulns themselves aren't regressions.