Only the latest version is supported with security updates.
Please contact support with a proof of concept that shows the security vulnerability. Please do not contact us without this proof of concept, as we cannot fix anything without this.
For general opinions on what makes an app more or less secure, please use the forum.
Note: we're mostly linking to Chrome's documentation since our reasoning for these exclusions is the same.
No - users are allowed to link to files on their local computer. This was a feature that was implemented by popular request. There are measures in place to mitigate security risks such as a dialog to confirm whether a file with an unknown file extension should be opened.
No. This is an Electron issue and not one they will fix: electron/electron#28384
See also Physically-local attacks
No, but you should use disk encryption. See also Physically-local attacks
We do not offer a bounty for discovering vulnerabilities, please do not ask. We can however credit you and link to your website in the changelog and release announcement.