The list of currently supported versions receiving security updates is available in the documentation.
You can report any security vulnerability affecting Rudder sources, packages, or infrastructure (repositories, websites, etc.) you have found by contacting the Rudder security team at: security@rudder.io
You can encrypt your messages using our key (fingerprint : 340C 9645 2F9A 816C 330A 99B7 C854 668E 3617 3DB3).
To know more about vulnerability announcements and reporting, read our website.