• If you have discovered a security vulnerability in this project, then please disclose it at security advisory here.
• Do not reveal the problem to others until it has been resolved, or when 90 days have passed since the security advisory was first created.
• Do not take advantage of the vulnerability problem you have discovered.

The security policy applies to all versions, but security updates will only be added as parts of a new release. The same goes for bug fixes of any kind.