OpenHAB release process: Security fixes? Update strategy?


I’m pretty new to OpenHAB and this thread got me thinking: What is the “official” update process for OpenHAB? Is there an anouncement mailing list? What happens if a security bugfix needs to be installed? In the FreeBSD world there is a mailing list that sends out anouncements such as this one. I would like to run OpenHAB as a reliable service that works as smooth as possible (think “Debian stable”).