The only version supported is the one corresponding to the master branch.
It would be appreciated if notifications of security vulnerabilities adhere to the Responsible/Coordinated Disclosure model.
The first step would be to contact me ([email protected]) with as much detail as possible: specific parameters used, their values, the output generated (along with screenshots), etc. It is also appreciated if the notification includes directions for fixing or mitigating the vulnerability; after receiving the information associated with the vulnerability I will prioritize its review.
humble is, in fact, a humble and personal project which I develop in my spare time: there is currently no bug bounty program.
All contributors in this area will be mentioned on the project's home page: if, on the other hand, you wish to remain anonymous, please let me know.
Thanks for your time!.