As an open source product, we will only patch the latest major version for security vulnerabilities. Previous versions of budibase will not be retroactively patched.
You can get in touch with us regarding a vulnerability via email at community@budibase.com.
You can also disclose via huntr.dev. If you believe you have found a vulnerability, please disclose it on huntr and let us know.
https://huntr.dev/bounties/disclose
This will enable us to review the vulnerability and potentially reward you for your work.