BentoML is currently under active development and releases a new version every 2-3 weeks. We always recommend users to move to a newer version when it became available, and we only provide security updates in the latest version.
If you are using an older version of BentoML and would like to receive security patches, let us know via BentoML Slack Channel or BentoML Discussions.
To report a vulnerability, please do not share it publically on Github nor the community slack channel. Instead, contact the BentoML team directly via email first: contact@bentoml.ai