We only support the latest stable version for security issues. See the releases page.
We ask that you report vulnerabilities privately, by contacting a core developer, to give us time to fix them. You can do that by emailing one of the following addresses:
Depending on severity, we will either create a private issue for the vulnerability and release a patch version of Luanti, or give you permission to file the issue publicly.
For more information on the justification of this policy, see Responsible Disclosure.