We only officially support the latest minor versions of Next.js and Serverless Next.js.
Thank you for helping make the web a safer place! You may email serverlessnextjs@gmail.com to report a security vulnerability or bug, please do not create an issue publicly. We will look into and fix the issue as soon as possible, typically in a few days.
Unfortunately, as a small open-source project, we are unable to offer bug bounties at this time.