Security updates are provided only for the latest released version. Older releases are not supported for security fixes.
Report security vulnerabilities by email: security@attentionfirst.dev
Do not open a public GitHub issue for security vulnerabilities.
Include all of the following:
- Description of the vulnerability
- Steps to reproduce
- Affected version
- Potential impact
Expected response time:
- Acknowledgment within 48 hours
- Initial assessment within 7 days
Coordinated disclosure policy: We follow coordinated disclosure with a 90 day window before public disclosure.