Only the latest major version is supported with security updates. It can be changed if many people are relying on a specific version for some reason. If this is the case, welcome to file an issue.

Please do not report security vulnerabilities through public GitHub issues.

Report them via GitHub Security Advisories — Report a vulnerability.

• If the vulnerability in question affects common use cases, it will be treated as a bug and fixed very soon (typically within a month).
• Otherwise, it'll be scheduled in the same priority of feature request (which is lower than bugs).
• If the request is declined, you'll receive a reply anyway (most likely there will be a discussion).