Because of limited resources and general compatibility between versions only the latest release of FontLib is actively supported.

In order to give the community time to respond and patch we strongly urge you report all security issues privately. New vulnerabilities can be reported through the GitHub Security Advisories feature. If you have any questions email us at security@dompdf.org and we will respond ASAP.