Any version of the manager we officially distribute (see Publishing) is supported. We scan for outdated dependencies and dependabot alerts to circumvent upstream threats. As well as scan our own code with CodeQL.

Versions with the auto-updater (Windows (msi and nsis), AppImage) are signed with a cryptographic key that makes all versions of the manager refuse to install an update from an untrusted source.

Please report security issues by adding an issue or by contacting [email protected] if the issue is sensitive.