Only the latest release is supported with security updates. Older releases are not supported.

Report vulnerabilities by email to security@attentionfirst.dev.

• Do not open a public GitHub issue for security vulnerabilities.
• Include: description, steps to reproduce, affected version, and potential impact.
• Expected response time: acknowledgment within 48 hours and assessment within 7 days.
• We follow coordinated disclosure with a 90 day window.