Only the latest release receives security fixes.

Please do not open a public GitHub issue for security vulnerabilities.

Report them privately via GitHub Security Advisories.

You can expect an acknowledgement within 48 hours and a patch or mitigation plan within 14 days for confirmed issues. If a CVE is warranted, one will be requested through GitHub's process.