Only the latest minor version is getting patches. If some major vulnerability occurs I might update older minor versions, but that is very unlikely to happen (I'm just one person)
If you've found a vulnerability, please create a new advisory it in the Security and quality tab. These will only be visible to you and the maintainer(s) by default until patched, when they will be published.