Security fixes are provided in new releases and bugfix releases.
We do not backport security fixes to older releases.
(Yet, Linux distributions might backport security fixes for their packages.)
Please do not report vulnerabilities via GitHub issues.
If you have discovered a vulnerability, it is best to notify us about it via security@nim-lang.org in order to set up a meeting where we can discuss the next steps.