Security (& other) updates are released only for the current version.
If you believe that you have discovered a vulnerability that has not already been published, please report it.
Reports must include:
- version(s) believed to be affected
- expected & observed behaviors
- steps that reproduce the vulnerability
Any acknowledgment of a report is not necessarily an acceptance or rejection.
You might be contacted for additional info, collaboration, and/or updates about the status of any investigation and/or resolution.
Resolution timelines will vary depending on complexity & severity.
You will be credited whenever a valid report is published, unless you request anonymity.