Our Support policy outlines what versions are supported for bugfixes and security releases.

Report security issues by sending an email to security at liftweb dot net. A committer will respond within 3 business days to let you know that we've received the report. We'll attempt to confirm our ability to replicate the issue. This will go quicker if you can provide us with a sample project in a private GitHub repo. We'll tell you who to share it with by email.

Once we've confirmed the issue, development of a fix will begin immediately and we'll keep you in the loop as we progress.