SQLite Forum

How do i submit a bug report
Well, Lemon is not critical, in the sense that it is run only at build-time,  
not runtime, and thus any vulnerability you may find is not essential to SQLite.

That's different about the C code Lemon generates, which **IS** used in SQLite.  
So given how busy DRH is, you may find your reports not quickly acted on I suspect, if at all.

Also note that Lemon's purpose is to serve SQLite primarily.  
Richard has made Lemon fixes reported/provided on the list several times,  
even though those fixes didn't affect SQLite's own use-case with Lemon.  
Still, *support* on Lemon cannot be considered in the same category as SQLite's.

My $0.02, from a non-team member.