Only the latest minor release is actively patched.
Report security issues privately to: security@vivid.local
Please avoid public disclosure until a fix is available.
- plugin path traversal and import injection,
- custom repo override validation,
- manifest parsing and parameter validation.