Only latest version is supported.

To report a vulnerability feel free to reach out privately on GitHub so we can fix before a public disclosure. If the issue is on a dependency feel free to open a PR bumping such dependency without contacting us first.