Generally, fixes are applied only to the current release of express-rate-limit, but we may choose to backport to older releases in some circumstances.

Please report vulnerabilities privately via GitHub. Please refer to this guide on how to do the same.