As with most R packages, only the latest package version is supported with bug fixes, features, etc. This also applies to security updates.

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.