Only the latset version is supported, because right now there's no V1/V2 division. Older version may be used at your own risk, since they may be vulderable, or have outdated dependencies.
If you've found a security vulnerability, depending on it's severity, you can either:
- Create a bug report on the Issues page
- Report directly to the maintainers
First option is recommended for all non-critical security problems. And the latter one is recommended for problems such as (but not limited to):
- Gaining full access to the machine running code;
- Gaining access to the API token of the bot;
- Sending messages to users as a bot;
- Reading other's messages as a user;
- ...