As of May 2022 (and until this document is updated), only the v4.x.x stable releases of Strapi are supported for updates and bug fixes. Any previous versions are currently not supported and users are advised to use them "at their own risk".
- v3.x.x support is limited to Critical/High severity security updates only until December 2022
- v4.x.x is considered LTS until further notice
Please report (suspected) security vulnerabilities to security@strapi.io.
You will receive a response from us within 72 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.