Upstream recently committed several bugfixes including three security vulnerabilities (two with CVE's), and it appears a new release (likely 1.0.7) may also be imminent.
The 2 (actual) + 1 (potential) security vulnerabilities:
Make sure nSelectors is not out of range (CVE-2019-12900)
bzip2recover: Fix use after free issue with outFile. (CVE-2016-3189)
bzip2recover: Fix buffer overflow for large argv.
CC re@ as we probably want this in 11.3-RELEASE
A commit references this bug:
Date: Fri Jun 28 01:53:35 UTC 2019
New revision: 349495
Update upgrade instructions.