As an open source product, only the latest major version will be patched for security vulnerabilities. Previous versions of config-formatter will likely not be retroactively patched.
To report a security issue, please email [email protected] with a description of the issue, the steps you took to create the issue, affected versions, and if known, mitigations for the issue.