While reports for any version are allowed and may be accepted if valid, typically only the most recent version of a library is supported for fixing security vulnerabilities.
In rare cases, especially when the most recent major version is very new and has not diverged much from the prior major version branch, security fixes may be backported. But this is not the norm.
Please report all security vulnerabilities through GitHub Security Advisories. This allows us to collaborate on investigation, remediation, and correction, while maintaining confidentiality until it is safe to disclose responsibly and accurately.
To report a vulnerability (docs):
- Visit the Security tab of the affected repository on GitHub.
- Click Report a vulnerability and follow the provided steps.