Security updates are always applied to the latest major release and may be included in release notes and CHANGELOG.md.
If you find a potential security vulnerability please email security@prosegrinder.com rather than creating a public issue on GitHub.