Only the greatest published version (according to SemVer) will be supported. This version will be indicated as the "Latest Release" on GitHub Releases.

Use GitHub's built-in reporting mechanism for disclosure. Go to the repository's Security tab -> Advisories -> New draft security advisory.