Lychee uses a rolling release system, we do not backport fixes to previously released versions. Those are the versions where we accept vulnerability reports.

As described in our contribution guide, if you discover a security vulnerability within Lychee, please contact us directly on gitter. All security vulnerabilities will be promptly addressed.