If your previous version is still a supported version (for any customer), then I would expect a vendor to offer the security fixed version to customers with a current support contract, and also the customer(s) that have reported the issue, as an act of good faith. If it would be possible to invest a little effort in giving them the latest version with the new features on a time limited trial for free, then that would be ideal, as they may even choose to upgrade
If that version is no longer supported, and the issue hadn't been found and resolved in a later version, I would consider offering some form of discounted upgrade deal (maybe give them 5 user licences free for the next version, or even a straight discount)
In either situation, customer satisfaction is key -- they've already helped you, so if they don't feel they get rewarded, they may spread bad feeling about your product (maybe in conversations with other vendors whilst looking to replace your product).
It may also be worth reviewing your internal business processes to reduce the impact on reverse integrating later security fixes into earlier versions, and other aspects of configuration management that would allow you to build historical versions as well as current and future.