We will only patch security vulnerabilities in the stable 1.x release.
If you discover a security vulnerability within Flarum, please send an email to security@flarum.org so we can address it promptly.
We will get back to you as time allows. Discussions may commence internally, so you may not hear back immediately. When reporting a vulnerability, please provide your GitHub username (if available), so that we can invite you to collaborate on a security advisory on GitHub.