We will endeavour to support:

• The most recent minor release with bug fixes.
• The latest minor release from the last major version for 6 months after a new major version is released with critical bug fixes.
• All versions if a security vulnerability is found provided:
  • Upgrading to a later version is non-trivial.
  • Sufficient people are using that version to make support worthwhile.

If you find what you think might be a security vulnerability with repository-orm, please do not create an issue on github. Instead please email lyz-code-security-advisories@riseup.net I'll reply to your email promptly and try to get a patch out ASAP.