The latest two major versions get security updates.

Pull Requests for security issues will be considered for older versions.

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.