Only the latest released version of Lookout receives fixes.

Please do not report security issues through public GitHub issues.

Instead, use GitHub's private vulnerability reporting:

1. Go to the repository's Security tab.
2. Click Report a vulnerability.
3. Describe the issue, including steps to reproduce and the Obsidian / plugin version affected.

We aim to acknowledge a report within a few days and will keep you updated on the fix and disclosure timeline.

Lookout is a client-side Obsidian plugin with no network access and no runtime dependencies, so its attack surface is limited to the rendering of note content; reports about unsafe handling of note/diagram/table content are especially welcome.