Odoo S.A. does not share detailed information about existing security
issues, in particular targeted patches and exploit information, to
reduce the likelihood of 0-days in the wild.
This prevents the Security Team from performing targeted security
backports for the duration of a stable release and renders it
unsuitable for stable (similar cases which are excluded from stable
releases for the same reason are e.g. virtualbox or mysql).