MVP (current unreleased version; the code in the production branch) is supported.

Firstly, thank you very much for your responsible reporting!

Please email getourchive@gmail.com to report a vulnerability. We take security seriously. You should receive a response within 24 hours.

We will develop and release a patch, at which point we will disclose the vulnerability (and provide credit, should you desire, for the report). We request that the vulnerability and exploitation details not be disclosed to others until we have released a patch.