It makes sense for the most part.
Except security fix, is really patch version.
This is semantic versioning
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
While we reserve major revisions for non backwards compatible changes.
Ideally I would not be releasing any features in patch versions, but I do as they are usually very minor features. And do not break backward compatibility and are usually old annoyances or bad practices, and are accompanied by security fixes, at least the last few have been.
This will probably change in the future to larger minor releases, but with one active developer currently I prefer more patch like agile releases.
This detour is mainly to compensate for 3.3 already being planned and in the works, but development having slowed to a crawl on it, I am modifying patch releases as holdovers.
Like I said aside from a few features, almost everything in 3.2.1 - 3.2.3 are security or bug fixes.