The latest stable release on CPAN is supported for security updates. (By convention, releases with an underscore in their version number are not considered to be stable releases.)
If you are using an older release, you are advised to upgrade.
A list of changes between versions can be found in the Changes file on CPAN with security-related changes tagged "SECURITY" in capital letters.
Please report any issues via RT.
If you are concerned that some of the details of your report may lead to an exploit being made public, then keep your issue report vague, and email the details to me directly. My email address can be found on my GitHub profile.