Until the project has a more formal support matrix, the latest released version is the only version that receives security fixes.

Please do not report security issues through public GitHub issues.

Instead:

1. Use the repository security advisory feature if it is enabled.
2. If no advisory channel is configured yet, contact the maintainer through the GitHub profile at https://github.com/spmse and request a private follow-up channel.
3. Include enough detail to reproduce and assess the issue.

Maintainers should acknowledge a valid report promptly, assess severity, and coordinate a fix before public disclosure when possible.