All X for Latest V in V.X.Y release in main source branch of https://github.com/micsthepick/JSVocalRedISo. Patches may be released as an increment to Y, or if needed V.X.* may be stripped from releases

Generally, this shouldn't need happen, as it is more than likely the plugin host is to blame, but if there is a genuine security concern with my code specifically, open a new issue (don't put sensitive information), and if appropriate, also open a pull request, if you can fix the issue without creating further headaches.