Only the last build of docker images are supported. All built versions of arma3sync are supported though you shouldn't use outdated versions of arma3sync in production environments.
We use a periodic matrix build to maintain our docker images up-to-date regarding dependancies. Vulnerabilities may still be found in the docker images, which you can report by opening a github issue.
In case of vulnerability in arma3sync, please contact the author on the arma3sync thread on Bohemia Interactive Forums.
In case of vulnerability in OpenJDK, please report the issue to them according to their security policy.
This project does not provide any bug bounty program.