We fix security problems in the latest version. These fixes can often be backported to previous versions, but we don't usually issue revisions of older releases.

All versions pre-Phoenix are now out of support entirely. This includes Edge, Frozen, and Gold.

The latest .0 is in long term support. People running versions prior to that should update at least to the latest .0 release before reporting security vulnerabilities. We prefer that reports are made in the latest release.

To report a security vulnerability, please do one of the following:

1. Report the vulnerability using Github Security Advisories. This is our preferred method.
2. Join the CE Phoenix Cart Forum and send a PM to ecartz and burt.
3. Email ecartz and gburton, using the commit email addresses.