Older versions are not being patched as the upgrade process there are currently no reasons for not upgrading to the latest released version.

In case you find a vulnerability, please report it via issue or email as soon as possible.

You can directly propose a solution using a Pull Request (see CONTRIBUTING file).