Security updates are generally only applied to the latest version of Giraffe unless the nature and impact of the vulnerability requires otherwise.
Please report critical security vulnerabilities directly to Dustin Gorski or someone from the core maintainers.