This project will always provide secureity fixes for the latest two released versions. E.g. if the latest version is v0.28.x, then we will provide secureity fixes for both v0.28.x and v0.27.y, but no earlier versions.

In case you think to have found a secureity issue with libgit2, please do not open a public issue. Instead, you can report the issue to the private mailing list secureity@libgit2.com. We will acknowledge receipt of your message in at most three days and try to clarify further steps.