As of May 2020 (and until this document is updated), only the v3.0.0 stable release of Strapi is supported for updates. Any previous versions are currently not supported and users are advised to use them "at their own risk".
Please report (suspected) security vulnerabilities to [email protected].
You will receive a response from us within 72 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.