Only the latest release receives security fixes. Users are encouraged to keep up to date via the in-app update mechanism.

Please do not report security vulnerabilities through public GitHub issues.

Instead, use GitHub's private vulnerability reporting: Report a vulnerability

Alternatively you can email kpgrear@gmail.com with the subject line [EDAI Security].

Please include:

• A description of the vulnerability and its potential impact
• Steps to reproduce or proof-of-concept
• Any suggested mitigations if known

• Acknowledgement within 48 hours
• Status update within 7 days
• Credit in the release notes if you wish to be named

Fixes will be released as a patch version and disclosed publicly once the update is available.