Flyte follows the n-1 model when it comes to patching security vulnerabilities. That means current (latest) release as well as the version before that will be patched regularly.
Please use the button at the security tab under any of the repositories in flyte to report a potential vulnerability. If you are not sure which repository a vulnerability belongs to, please use this one: https://github.com/flyteorg/flyte/security/
You should expect an acknowledgement of your report within the first 48 hours. Depending on the severity of the issue reported, the reporter may be contacted more frequently afterwards. We do take every security issue very seriously and patch promptly when appropriate.