diff --git a/Readme.md b/Readme.md
index 8919eb7..2404089 100644
--- a/Readme.md
+++ b/Readme.md
@@ -6,17 +6,21 @@ Useful for shell scripting.
 ```
 # Resolves the latest Node.js version by default
 $ curl https://resolve-node.now.sh
-v11.0.0
+v13.0.1
 
 # The special `lts` path resolves latest Long Term Support (LTS) version
 $ curl https://resolve-node.now.sh/lts
-v10.13.0
+v12.13.0
 
 # LTS version resolution by code name via `lts/:codename` is also supported
-$ curl https://resolve-node.now.sh/lts/carbon
-v8.12.0
+$ curl https://resolve-node.now.sh/lts/dubnium
+v10.17.0
 
 # Semver is also supported
 $ curl https://resolve-node.now.sh/8.x
-v8.12.0
+v8.16.2
+
+# Restricting to security-only releases is also supported
+$ curl https://resolve-node.now.sh/lts/dubnium?security=true
+v10.16.3
 ```
diff --git a/index.js b/index.js
index 4947604..c0083b7 100644
--- a/index.js
+++ b/index.js
@@ -5,7 +5,7 @@ const { maxSatisfying } = require('semver')
 
 const INDEX = 'https://nodejs.org/dist/index.json'
 
-async function resolveVersion(tag) {
+async function resolveVersion(tag, filters = {}) {
   const res = await fetch(INDEX)
 
   if (!res.ok) {
@@ -21,6 +21,10 @@ async function resolveVersion(tag) {
     body = body.filter(b => b.lts && (codename ? b.lts.toLowerCase() === codename : true))
   }
 
+  if (filters.security) {
+    body = body.filter(b => b.security)
+  }
+
   const data = new Map(body.map(b => [b.version, b]))
   const versions = body.map(b => b.version)
   const matchTag = isLts ? '*' : tag
@@ -38,7 +42,8 @@ async function handler (req, res) {
     decodeURIComponent(pathname.substr(1)) ||
     '*'
   ).toLowerCase()
-  const match = await resolveVersion(tag)
+  const onlyIncludeSecurityReleases = query.security === 'true'
+  const match = await resolveVersion(tag, {security: onlyIncludeSecurityReleases})
 
   if (!match) {
     res.statusCode = 404
diff --git a/test.js b/test.js
index 954e085..ec0dce2 100644
--- a/test.js
+++ b/test.js
@@ -10,11 +10,13 @@ const { test } = require('ava')
 const mockedFetch = fetchMock
   .sandbox()
   .mock('https://nodejs.org/dist/index.json', [
-    { version: 'v11.1.0', lts: false },
-    { version: 'v10.13.0', lts: 'Dubnium' },
-    { version: 'v8.12.0', lts: 'Carbon' },
-    { version: 'v8.11.4', lts: 'Carbon' },
-    { version: 'v6.14.4', lts: 'Boron' }
+    { version: 'v13.0.1', lts: false, security: false },
+    { version: 'v12.13.0', lts:'Erbium', security: false},
+    { version: 'v12.8.1', lts: false, security: true},
+    { version: 'v10.13.0', lts: 'Dubnium', security: false },
+    { version: 'v8.12.0', lts: 'Carbon', security: false },
+    { version: 'v8.11.4', lts: 'Carbon', security: true },
+    { version: 'v6.14.4', lts: 'Boron', security: true }
   ])
 
 const api = proxyquire('.', {
@@ -59,12 +61,12 @@ test('should 404 on empty codename (path segment)', async t => {
 
 test('/', async t => {
   const res = await fetch(t.context.url)
-  t.is(await res.text(), 'v11.1.0')
+  t.is(await res.text(), 'v13.0.1')
 })
 
 test('/lts', async t => {
   const res = await fetch(`${t.context.url}/lts`)
-  t.is(await res.text(), 'v10.13.0')
+  t.is(await res.text(), 'v12.13.0')
 })
 
 test('/lts/Carbon', async t => {
@@ -79,15 +81,40 @@ test('/8.x', async t => {
 
 test('/?tag=lts', async t => {
   const res = await fetch(`${t.context.url}/?tag=lts`)
-  t.is(await res.text(), 'v10.13.0')
+  t.is(await res.text(), 'v12.13.0')
 })
 
-test('/?tag=lts/Boron', async t => {
-  const res = await fetch(`${t.context.url}/?tag=lts/Boron`)
-  t.is(await res.text(), 'v6.14.4')
+test('/?tag=lts/Dubnium', async t => {
+  const res = await fetch(`${t.context.url}/?tag=lts/Dubnium`)
+  t.is(await res.text(), 'v10.13.0')
 })
 
 test('/?tag=8.11.x', async t => {
   const res = await fetch(`${t.context.url}/?tag=8.11.x`)
   t.is(await res.text(), 'v8.11.4')
 })
+
+test('/?security=true', async t => {
+  const res = await fetch(`${t.context.url}/?security=true`)
+  t.is(await res.text(), 'v12.8.1')
+})
+
+test('/lts?security=true', async t => {
+  const res = await fetch(`${t.context.url}/lts?security=true`)
+  t.is(await res.text(), 'v8.11.4')
+})
+
+test('/lts/Carbon?security=true', async t => {
+  const res = await fetch(`${t.context.url}/lts/Carbon?security=true`)
+  t.is(await res.text(), 'v8.11.4')
+})
+
+test('/6.x?security=true', async t => {
+  const res = await fetch(`${t.context.url}/6.x?security=true`)
+  t.is(await res.text(), 'v6.14.4')
+})
+
+test('/13.x?security=true', async t => {
+  const { status } = await fetch(`${t.context.url}/13.x?security=true`)
+  t.is(status, 404)
+})
\ No newline at end of file