Only latest version is supported. Note that the project does not follow semver, but effort is made to minimize API / package changes within a patch version.
Preference is to open an issue to track changes and requirements - avoid direct messages as they cannot be tracked and are dependent on a maintainer's bandwidth.
Security issues are prioritised below RFC MUST/REQUIRED/SHALL compliance bugs, but above SHOULD/RECOMMENDED.