Based on previous releases, commits related to vulnerabilities don't appear in the repo until shortly before the release.
https://git.openssl.org/?p=openssl.git&a=search&h=HEAD&st=commit&s=CVE-
1.1.1j tagged at 15:24, CVE commits merged same day 11:32..11:40
1.1.1i tagged at 13:20, CVE commits merged same day 10:16
Since the release time they gave for 1.1.1k is between 13:00 and 17:00 UTC, and it's now 13:30 UTC the commits will likely appear within the next few hours, (but are not there at the time of posting).