Patches are considered for the two versions under active development in the main and dev branches. Normally, main will contain the most recent release version under maintenance, and dev will be a prerelease version undergoing active development.
Please report any possible vulnerabilities using the Security tab in the repository header.
See this additional information from GitHub on private vulnerability reporting.