Only the latest stable release is supported. In addition to that, limited support is available to the latest pre-release (if available).
We announce security advisories on GitHub. Every entry includes detailed information about the vulnerability it describes, especially affected versions, attack vectors, fixed versions as well as possible workarounds (if any).
We are doing our best to protect our users from all harm, therefore we take security vulnerabilities very seriously.
If you believe that you've found one, we'd appreciate if you let us know about it. The best way of contacting us is by opening an issue on GitHub. If you believe your issue is too critical to be discussed publicly, please still open an issue and just keep the important information out. We will then give you another way to contact us privately.