The latest release of ring is supported. The fixes for any security issues found will be included in the next release.
Please use ring's security advisory reporting tool provided by GitHub to report security issues.
We strive to fix security issues as quickly as possible. Across the industry, often the developers' slowness in developing and releasing a fix is the biggest delay in the process; we take pride in minimizing this delay as much as we practically can. We encourage you to also minimize the delay between when you find an issue and when you contact us. You do not need to convince us to take your report seriously. You don't need to create a PoC or a patch if that would slow down your reporting. You don't need an elaborate write-up. A short, informal note about the issue is good. We can always communicate later to fill in any details we need after that first note is shared with us.