At the moment, we only officially support the latest version of the project with security updates.
Please report any vulnerabilities by opening an issue and including as many details as you can. We will prioritize security reports above other issues.
We don't currently offer a bounty for OSS vulnerabilities, but if it affects one of the eligible targets, you might qualify for a reward.