Those are basically the same steps I ran, since they match your upgrade docs. The only difference is I chose 5.27.2 as the new version to fetch, as the security announcement implied it contained the required fix, for, in my case, an installation of 5.27.0.
The ‘About Mattermost’ section of my site shows the same info as I pasted above.
Mattermost Version: ee_onprem_003fb092761115ea1bcfae56482d67f59395b8d0_b76e2800149b382e117c8d17d1d6031a55926115_429
Database Schema Version: 5.27.0
Database: mysql
That build version number is really weird. And I have reproduced it on two separate Mattermost installations now, both trying to upgrade to 5.27.2.
Are you saying that in fact, users need to upgrade from 5.27 to 5.29 to obtain the security fix? I’m not really inclined to re-run the upgrade per the link you provided, which would upgrade me to 5.29, unless you’re saying that’s the only way to fix it (but in which case, what was the 5.27.2 release for?)