We don't do releases of the CryptPad Blog, deployments are directly handled on our servers.
In case of issue we'd likely communicate about it on:
Vulnerabilities can be reported using the GitHub Security interface. You can also send us an email at security@cryptpad.org