The current "head" version ("master" branch) undergoes some automatic tests, but may have defects and vulnerabilities. All development branches may be in an intermediate, untested state.
For released versions, additional tests are performed, including manual tests, static source code analysis and fuzz testing.
Defects will be fixed in the current head version. Selected, critical defects are fixed in the latest release as well.
Please send vulnerability reports by email to bel2125 at gmail com. Vulnerability with low severity can be sent directly by email.
For high severity vulnerabilities, you can get a private key to encrypt your detailed description on vulnerabilities you want to report.
If you do not get any response within ten days, your email might have got lost (e.g., deleted as spam) - in this case, please open a GitHub issue.