If a security issue occurs, only the latest version is guaranteed to be patched. Consideration will be given to updating the v1.x line, however this is not guaranteed.

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.