Security updates are supported for the current version and the previous major version.

Pull Requests for security issues will be considered for older versions back to 2.x.

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.