Uyuni follows a rolling release model, so it is always the next upcoming version that will contain bugfixes for the current one as well as any new features. As there is generally no maintenance of specific versions, users will regularly need to update to the most recent version in order to receive the latest security updates. For critical bugfixes (see SUSE's simplified rating) we will release patches for the most recent released version, while flaws categorized as important, moderate or low will usually be fixed with the next rolling release.
Please report any security vulnerabilities by creating a security advisory. We will be reviewing your report, get back to you after evaluation and happily give you credits for your help with making Uyuni more secure.