# Security Policy

## Supported Versions

Only the latest [release][releases] is supported.

## Reporting a Vulnerability

Vulnerabilities can be sent in via [email][email] to avoid publishing in the open.
Oh My Posh does not have a bounty program, neither do we respond to bug bounties.

For valid security concerns, you can expect a response within 48 hours,
and credit is given once an acceptable fix is found and published.

[releases]: https://github.com/JanDeDobbeleer/oh-my-posh/releases
[email]: mailto:security@ohmyposh.dev