Only the latest version of BetterRandom will be supported, unless and until a paying customer requests updates to a specific older version with which the current version is not backward-compatible.
Coordinated disclosure is organized by Tidelift according to their policy.
If a vulnerability arises in a library and can be fixed by updating that library, it can be reported publicly, since some robots already do this.