While we want to hear about security vulnerabilities in all versions of
borgmatic, security fixes are only made to the most recently released version.
It's not practical for our small volunteer effort to maintain multiple release
branches and put out separate security patches for each.
Reporting a vulnerability
If you find a security vulnerability, please file a
ticket or send email
directly as appropriate. You should expect to hear
back within a few days at most and generally sooner.