Since new versions are backwards compatible with all older versions only few recent versions are supported. In case of security problem with old unsupported version recommended solution is an upgrade.

Latest version will receive security fixes with release of new fixed version. Older versions will receive security fixes as set of applicable patches. Security fixes for latest version is a first priority.

Please report vulnerabilities via email to vladislav (at) vm-0.com. If possible, please use PGP encryption with my public key.

Only vulnerabilities directly related to this software are accepted. Vulnerabilities related to MTA-STS standard itself will be rejected and you'll have to report them to standard authors by yourself.

You may expect first preliminary response on vulnerability report within hours and fix within one or few days, depending on issue complexity.