Only the latest release is supported.

Vulnerabilities can be send in via email to avoid publishing in the open. Oh My Posh does not have a bountry program, neither do we respond to beg bounties.

For valid security concerns, you can expect a response within 48 hours, and credit is given once an acceptable fix is found and published.