PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, SEE BELOW.
Winter is evergreen, no one version is singled out for security fixes because there is no way to update just one version. Builds are continually released and security fixes will always be available in the latest build.
If you discover a security vulnerability within Winter CMS or any of the Winter.* plugins, please send an email to Luke Towers at wintercms@luketowers.ca. All security vulnerabilities will be promptly addressed.