We typically only support the latest release of LavinMQ for maintenance updates, but depending on the nature of the security issue we may issue hotfixes for arbitrarily earlier versions of LavinMQ.
If you discover any issue regarding security, please disclose the information responsibly by sending an email to security@lavinmq.com and not by creating a GitHub issue. We'll get back to you ASAP and work with you to confirm and plan a fix for the issue.
Please note that we do not currently offer a bug bounty program.