The following list describes whether a version is eligible or not for security updates.

In case you should find a vulnerability, please report it privately to me via e-mail. The following is the workflow:

• security issue is found, e-mail is sent to me
• within 24 hours I will reply to your e-mail with some info like, for example, whether it actually is a security issue and how serious it is
• within 15 days I will develop and ship a fix
• once the update is out I will open a security advisory