Only the latest published release receives security updates. Older releases are not supported for security fixes.
If you believe you have found a security issue, report it privately by email: security@attentionfirst.dev.
Do NOT open a public GitHub issue for security vulnerabilities.
Please include:
- A clear description of the vulnerability
- Steps to reproduce
- The affected version
- The potential impact
Expected response time:
- Acknowledgment within 48 hours
- Initial assessment within 7 days
We follow coordinated disclosure with a 90 day window before public disclosure, unless a different timeline is agreed in writing.