The 3.8.x versions of XNIO are supported for security bug fixes.
If you find a vulnerability, please email secalert@redhat.com. To expedite things, you can copy the project maintainers: David M. Lloyd (dmlloyd@redhat.com), Flavia Rainone (frainone@redhat.com), and Richard Opalka (ropalka@redhat.com). This will ensure the bug is properly handled without causing unnecessary negative impacts for the XNIO's user base. You can find more information about the security procedures at this page.