The most recent major version of devise_cas_authenticatable is supported with security updates. For example, if the current version of the package is 1.3.2, and we receive a vulnerability report and fix it, we will release version 1.3.3. Because we use semantic versioning, it should always be safe for users of any 1.x version to update to this release.
We use Tidelift for coordinated vulnerability disclosure. To report vulnerabilities, go to https://tidelift.com/security.