Only the latest release of Lively will be provided with security patches, old releases will not be patched or supported.
Report to Awoo.git@gmail.com with the title Security vulnerability (Lively)
If I'm free you will get reply within 48 hours.
If the issue is confirmed, a new release with the patch is published as soon as possible depending on complexity of the issue.