v1 is actively maintained, and any security vulnerabilities will be patched.

v0.X will have any major security vulnerabilities patched.

We recommend opening a security advisory on GitHub, as per the documentation.

Alternatively, reach out to the maintainers via email (see setup.py for contact details).