Splunk Connect for Syslog does not support "hotfix" patching, so all bug fixes (including security issues) are contained within the latest GA release.
Splunk takes security vulnerabilities very seriously. When a member of the community identifies a potential security issue, it needs to be reported fully and carefully. A diligent Community helps keep us all safer and Splunk appreciates your timely and responsible disclosure of any security concern.
To report a potential vulnerability in Splunk Connect for Syslog, please contact the Splunk Product Security Team via the Splunk website: https://www.splunk.com/en_us/form/bug-submission-prodsec.html
Per the Splunk Product Security Policy, A Splunk representative will be in touch with you within 2 business days of receipt of your communication.
All fixed security bugs are listed on the Splunk Product Security Portal page: https://www.splunk.com/page/securityportal