After each new major release, the previous release will be supported for no less than 2 years, unless explictly stated otherwise. This may mean that there are multiple supported versions at any given time.
If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced.