This software implements other software, it's not very likely that this software introduces new vulnerabilities.
The current major version is supported. For example if the current version is 3.4.1:
Version | Supported |
---|---|
3.4.1 | ✅ |
3.4.x | ✅ |
3.x.x | ✅ |
2.0.0 | ❌ |
1.0.0 | ❌ |
Please open an issue describing the vulnerability.
Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.