Because new versions are either backwards compatible or break this compatibility for a good reason, only the last version is supported. Support is done by best effort, without any guarantees.
Pull requests for security issues with older major and minor versions are accepted, if that version is the last one supported by an older IntelliJ version.
To report a vulnerability, please create an issue: this ensures proper notifications are sent.
Security vulnerabilities will be fixed either quickly, or as soon as an upstream fix in a library is available.
On the off chance a security vulnerability does not apply, it'll be declined with an explanation why it doesn't apply.