We release patches for fixing security vulnerabilities, primarily focusing on the latest release only.
In the event of a high-risk vulnerability, we may backport the security fixes to the older versions of the software. The decision to backport security fixes to older versions will be made based on a risk assessment and the feasibility of implementing the patch in those versions.
To report a vulnerability, you can reach out to the maintainers at [email protected].