Only code in src/ is within the scope of this security policy, as it's the only code shipped to the user. For all other kinds of vulnerabilities - unless you can show that it could harm the user, simply open an issue or make a PR.

The only supported version is the most recent version. No LTS releases or similar are provided/supported.

If you find a vulnerability, mail me at: [email protected] You can expect an answer after not more than 72 hours.