Since our team is small, and we don't update often, we only support the latest release of Phproject. It is highly recommended that you update whenever we release a new version, as it likely includes major bug fixes, and can impact the security of your site.
If you find an issue with the security of Phproject, you may report the vulnerability on huntr.dev, or let me know personally via email at alan@phpizza.com. If emailing, I recommend encrypting your communication with my PGP public key.
I'll do my best to get back to you within 48 hours, at least with an idea of when we can fix the issue. Major issues that involve significant changes to the application can take several weeks since no one works on this project full time, but we'll do what we can to fix things.
If it's been more than a week and we haven't replied, or if we have replied but it's been a while and we haven't communicated or fixed the issue you found, let us know and we'll invite you to a private fork where we can collaborate on a fix.