Security updates will always only be applied to the latest version of Watchtower.
As the software by default is set to auto-update if you use the latest
tag, you will get these security updates automatically as soon as they are released.
Critical vulnerabilities that might open up for external attacks are best reported directly either to simme@arcticbit.se or nils@piksel.se. We'll always try to get back to you as swiftly as possible, but keep in mind that since this is a community project, we can't really leave any guarantees about the speed.
Non-critical vulnerabilities may be reported as regular GitHub issues.