Only the latest released version of Lookout receives fixes.
| Version | Supported |
|---|---|
| latest release | ✅ |
| older | ❌ |
Please do not report security issues through public GitHub issues.
Instead, use GitHub's private vulnerability reporting:
- Go to the repository's Security tab.
- Click Report a vulnerability.
- Describe the issue, including steps to reproduce and the Obsidian / plugin version affected.
We aim to acknowledge a report within a few days and will keep you updated on the fix and disclosure timeline.
Lookout is a client-side Obsidian plugin with no network access and no runtime dependencies, so its attack surface is limited to the rendering of note content; reports about unsafe handling of note/diagram/table content are especially welcome.