Hey. Seems there were at least a series of commits from upstream last November and few again this January. And there even seem to be some more in their dev branch.
The number of CVEs mentioned by Salvatore is worrying, but it looks even much worse over the years for ntfs-3g: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ntfs-3g Plus it seems ntfs-3g upstream is even less active than ntfs3's: https://github.com/tuxera/ntfs-3g/ Last commit June 2023. Of course this could also just mean that ntfs-3g is simply more mature and less issues are found - dunno. Security-wise the same, could mean that they've no ironed out all issues, or simply no-one looks at it anymore. What I did notice in this bug is that quite some people pushed for enabling it, with email addresses that look in style similar to those that where used in the XZ social engineering or like throw away addresses. Cheers, Chris.
