Security: AyushmanRaha/DepthLensPro

SECURITY.md

Security Policy

Supported versions

Security updates are provided for the current main branch. If release branches or tagged versions are introduced later, supported versions will be listed here.

Reporting a vulnerability

Please do not open a public GitHub issue for suspected vulnerabilities. Instead, report the issue privately to the repository maintainers with:

  • A concise description of the vulnerability.
  • Steps to reproduce or a proof of concept, when safe to share.
  • Affected components, such as backend API endpoints, Electron integration, or packaging scripts.
  • Any known mitigations or workarounds.

Maintainers should acknowledge receipt within a reasonable timeframe, investigate the report, and coordinate a fix and disclosure plan before public details are published.

Scope

Relevant reports include vulnerabilities in local API exposure, unsafe file handling, dependency risks, model-download behavior, and packaged desktop application configuration. Reports about third-party dependencies should also be shared with the upstream project when appropriate.

There aren't any published security advisories