Security fixes are provided in new releases and bugfix releases.

We do not backport security fixes to older releases.

(Yet, Linux distributions might backport security fixes for their packages.)

Please do not report vulnerabilities via GitHub issues.

If you have discovered a vulnerability, it is the best to notify us about it via security@nim-lang.org in order to setup a meeting where we can discuss the next steps.