This project is still in active development and I'm not even pretending that it's ready for a production deployment. I don't support any version of the software, and I have no need for secrecy if you find any vulnerabilities worth reporting.
When I open this up for anyone to use, I imagine I'll have a table like this one, showing which versions I'm currently supporting:
| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |
Also, once this is live and people's data is at stake, I imagine I'll have to create a form somewhere for you to report vulnerabilities; but for the moment, if you find something, just make a github issue.