I typically only support the latest versions of software with security updates. I.e., I will not backport new security updates to old versions. Please reach out if you have concerns related to this.
If you believe you have found a security vulnerability in the project, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
Please report security issues to the Issue Tracker or Security Advisories.