At present, we have one live project which we are hosting. We are active devloping, so have not yet produced a supported release version.

At present, you can report a vulnerability to @robertlread or @devhawk if you wish to do so privately. As of Jan 1st, our installed base is tiny (we think!) so you can also just create an issue.