We only add security updates to the latest MAJOR.MINOR version of the project. No security updates are backported to previous versions. If you want be up to date on security patches, make sure your SimpleLogin image is up to date.
If you've found a security vulnerability, you can disclose it responsibly by sending a summary to security@simplelogin.io. We will review the potential threat and fix it as fast as we can.
We are incredibly thankful for people who disclose vulnerabilities, unfortunately we do not have a bounty program in place yet.