We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depend on the CVSS v3.0 Rating:

If you discover a security vulnerability, please do the following:

• Do not open an issue or pull request on GitHub.
• Send an email to [email protected] with the details of the vulnerability.
• We will respond within 48 hours to acknowledge the report.
• Once the vulnerability is confirmed, we will take necessary steps to address it.

Your efforts to responsibly disclose your findings are appreciated and will be acknowledged.