Considering the amount of resources necessary to backport security or bug fixes to previous, unsupported nextcloud-open-in-cryptpad versions, it's not something we do. However, we quickly release new minor versions in case of need.
Please keep up with the latest release published here: https://github.com/cryptpad/nextcloud-open-in-cryptpad/releases
Note that every GitHub release page has an RSS compatible feed that you can subscribe on to be informed of every new release.
We do also communicate about this topic on:
Vulnerabilities can be reported using the GitHub Security interface. You can also send us an email at [email protected]