All versions are supported.
Please report (suspected) security vulnerabilities to contact form. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
When we receive a security vulnerability report, we will assign it a severity level. We will then take steps to fix the vulnerability and publicly disclose it. We will notify you when the vulnerability is fixed and publicly disclosed.
If you have suggestions on how this process could be improved please submit a pull request.