ImageMagick recommended practices strongly encourages you to configure a security policy that suits your local environment.
We encourage users to upgrade to the lastest ImageMagick release to ensure that all known security vulnerabilities are addressed. On request, we can backport a vulnerability to other ImageMagick versions.
Post any vulnerability as an issue. Or you can post privately to the ImageMagick development team. Most vulnerabilities are fixed within 48 hours.
In addition, request a CVE. We rely on you to post CVE's so our development team can concentrate on delivering a robust security patch.