Only the latest major version tag (e.g. v1) receives security updates. Older major versions are not supported unless explicitly stated.

To report a vulnerability, please open a private security advisory.

You should receive a response within 48 hours. If you don't, please follow up.