Only the latest version mentioned in the main README.md file should be considered when it comes to vulnerabilities.

Please note: there is no bounty program and no rewards will be given. Fixes however will be made where applicable. These contracts are a public good and reporting vulnerabilities should be too.

Please follow the reporting process as outlined here to report a vulnerability:

https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability