Only current/last version supported.
Two ways.
1). Private vulnerability reporting GitHub feature
2). use encrypted email for send details for me.
- Got my PGP public key: https://aminux.files.wordpress.com/2019/07/aminux-mail-pgp-public_since-2019-07-30.asc
- Extract email from this and write encrypted email with security problem description.
- Create issue with mark SECURITY in theme.