The latest 1.x stable release is supported. Fixes for relevant bugs and security issues are backported.

If you have found a security related issue, it is best to email us instead of opening a public issue. If your message is very sensitive, you may want to use PGP, but in most cases it's not needed.