The current medium 1.X.0 version is always supported. Previous 1.X.0 versions will not be supported. Any security fixes will be made available in a new compatible 1.0.X minor release.
You may report minor vulnerabilities within the issues tab. For significant vulnerabilities (or ones where discretion should be expected) please contact the maintainer directly.