Currently no versions of this project will recieve security patches. You should still report vulnerabilities, they just won't be back-ported.

Open a new issue describing the problem.

Security vulnerabilities are treated like regular issues.
All issues are triaged and prioritisied based on severity.
Once the issue is in progress (i.e. a branch has been created), if you would like an update on progress then please ask using the same ticket.
We endeavour to be transparent so if we decide to close the issue then we will state our justification; if you would like to dispute our decision, please open a new ticket as we may not see new comments on closed issues.