Our project follows semver, so you can use every version from the changelog if you wish so, but usually you'd want to use the latest one, as that's the one that has the latest updates and goodies.
We don't add security patches to older versions, as there's little merit for that. Just use the latest version and you're good.
If you think you've found a vulnerability in our library, please don't open an issue. Instead, we ask you to responsibly disclose the vulnerability to our team at team.wordpress@infinum.com, so that we can investigate an issue and fix it as soon as possible.
Once the security issue has been disclosed we will respond in 1 - 3 days.
When reporting the vulnerability please provide as much detail as possible, so that it can be verified and reproduced.
Read more about the vulnerability disclosure process.