Only the latest released version of the Birss App is supported with security updates.

If you discover a security vulnerability, please report it privately via GitHub Security Advisories (the "Report a vulnerability" button on the Security tab) rather than opening a public issue.

This is a static, client-side web application with no backend or user data, so the realistic attack surface is limited to dependency vulnerabilities and build tooling. Reports will be reviewed and addressed as soon as possible.