Only the latest version is actively supported.
Please report possible vulnerabilities by email to [email protected]. Please DO NOT use GitHub issues or pull requests for this purpose.
We do not consider it a vulnerability if the superuser (is_admin=Y) account can insert scripts or delete information. That's what the superuser account is for! It will, however, be considered a serious vulnerability if someone else can trick a superuser to perform such actions inadvertently, for example through a CSRF attack.