The 9.2.x series is currently being supported, and will continue to receive security updates.
JRuby 9.3 is in development on the master branch, for release summer 2020.
Please report vulnerabilities by emailing security@jruby.org. You can expect a response within 24 hours.