Since the fangame is a non-profit project (like every Kagescan-related project), we do not offer a bug bounty or any reward policy.
Security fixes target the code inside the master branch. Production and beta builds may not be fixed; this will depend on the severity of the vulnerability.
To report a security vulnerability, please contact me via my public GitHub e-mail address or the Discord link in my user profile (https://github.com/LoganTann).
We will do our best to reply as soon as possible, generally in under 24 business hours.
Still, the fangame is made in our free time, so we cannot guarantee a quick vulnerability fix, but we will keep you informed as much as possible.