Only the latest version within each major release (we use semantic versioning: https://semver.org/) is supported for security updates. This should be sufficient for most use cases, as each minor and patch version is backwards compatible.

Please report vulnerabilities under the security tab or email Christopher K. Long at ckl45@cam.ac.uk.