Only the latest release is supported.

Vulnerabilities can be sent in via email to avoid publishing in the open. Oh My Posh does not have a bounty program, neither do we respond to bug bounties.

For valid security concerns, you can expect a response within 48 hours, and credit is given once an acceptable fix is found and published.