In the (still active) 0.X phase of the project only the latest stable minor release is getting bugfixes (including security ones).

So e.g. if the latest stable version is 0.42.3 and the latest beta version is 0.43.0-beta, then 0.42 line will still get security fixes but older versions (like 0.41.X) won't get any fixes.

Description above is a general rule and may be altered on case by case basis.

• For low severity vulnerabilities, they can be reported as GitHub issues.
• For severe vulnerabilities, please report it using GitHub Security Advisories.