Security updates are applied only to the most recent release.

To report a security issue, please email security@xgboost-ci.net with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

All support will be made on the best effort base, so please indicate the "urgency level" of the vulnerability as Critical, High, Medium or Low.