Security fixes are applied to the latest version.
If you find a potential security issue, please report it to [email protected] (the current maintainer).
We will try to find a fix in a timely manner and will then issue a security advisory together with the update via Github (example).
If you don't get a reaction within 30 days, please open a public issue on GitHub.