There is only one branch for updates, so only the latest versions have security updates.

If a bug is related to the following issues:

• Filesystem sandbox escape (outside of mounts)
• Process/library loading
• Arbitrary code execution
• Network rule bypass
• Any other form of reading host information (excluding LuaJIT)

it is a security vulnerability, and should be reported as such.

Use the Security tab to privately report a vulnerability. It will be reviewed, and if it's valid, a patch will be made available within a week (depending on the severity of the vulnerability).