Pacemaker's 2.1 and 3.0 release series are actively developed and receive security fixes.

If you have a support contract with an operating system vendor such as Red Hat or SUSE, please submit potentially security-related reports via the vendor's usual method. Otherwise, please submit a report via:

https://github.com/ClusterLabs/pacemaker/security

See https://projects.clusterlabs.org/w/cluster_administration/cves/