The only supported version is the latest minor version released. As soon as a new minor version is released, support for the older one drops.

In order to report a security vulnerability, please contact me at mail@georg-krause.net. Use GPG if possible.

If the vulnerability is confirmed, I will work on a fix and a new version as soon as possible. Since maintaining this package isn't my day job, this could take a few days.