Elixir applies bug fixes only to the latest minor branch. Security patches are available for the last 5 minor branches:

New releases are announced in the read-only announcements mailing list. You can subscribe by sending an email to elixir-lang-ann+subscribe@googlegroups.com and replying to the confirmation email. Security notifications will be tagged with [security].

You may also see all releases and consult all disclosed vulnerabilities on GitHub.

Please disclose security vulnerabilities privately via GitHub.