Security fixes are provided in new releases and bugfix releases.

We do not backport security fixes to older releases.

(Yet, Linux distributions might backport security fixes for their packages.)

Please do not report vulnerabilities via GitHub issues.

If you have discovered a vulnerability, it is the best to notify us about it via [email protected] in order to setup a meeting where we can discuss the next steps.