Only the latest non-prerelease version is supported.
To report a security vulnerability
You can also directly propose a GitHub security advisory on the Flit Security page of github:
https://github.com/pypa/flit/security
You can use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
If you are a tidelift subscriber, this is the preferred path