We support the current version of the software only. Typically this means the security issue must be present in the main branch.
We support privately reporting security vulnerabilities within GitHub. For instructions on how to do so we recommend following this wiki page.