Prior to a 1.0 release the only supported version is the most recent release.
To report a security issue, please report directly on GitHub with Private vulnerability reporting with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. This project follows a 90 day disclosure timeline.