Only the latest MINOR version (MAJOR.MINOR.PATCH) is officially supported. However, in the case of a major security vulnerability, a patch may be backported to earlier versions as well.
Please report any found vulnerability using the
GitHub private vulnerability reporting tool,
available under the Security tab. Please allow for up to 30 days for the
vulnerability to be fixed. If after this time the issue has not been
acknowledged, please feel free to disclose it openly, for example via
RustSec.
Your report should contain affected verion(s), a description of the issue, and way to reproduce the issue if applicable. You are welcome to suggest solutions to the issue. If you do not want to be credited with the finding, please state so in your report.