OIDC-185 have nothing to do with what you are complaining about: the fact that group synchronization happen with all groups sent by the provider by default (and you can change that by providing an explicit mapping) is a feature that exist since group membership sync exist.
The only thing that changed with OIDC-185 is the criteria to know if the provided provider indicated groups for the user (it used to only check the userinfo, and now it also check the id token, or if you configured a custom group claim).
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6)
If image attachments aren't displayed, see this article.
