Please use the project's GitHub private vulnerability reporting page to report security issues.

Once the vulnerability has been confirmed and a fix implemented, a new release will be published. This will usually be a patch-level release unless a more significant major/minor-level release coincides with the fix.