We always provide security updates for the latest release. Whenever there is a security update you just need to upgrade to the latest version.
All security bugs in reductstore/reductstore (or other reductstore/* repositories) should be reported by email to [email protected].
Please, provide a detailed explanation of the issue. In particular, outline the type of the security issue (DoS, authentication bypass, information disclose, ...) and the assumptions you're making (e.g. do you need access credentials for a successful exploit).