Only the latest release receives security updates. Older releases are unsupported and may contain unpatched vulnerabilities.
If you believe you found a security vulnerability, report it privately:
- Email: security@attentionfirst.dev
- Do not open a public GitHub issue for security vulnerabilities
Please include the following details in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected version
- Potential impact
Response timeline:
- We acknowledge reports within 48 hours
- We provide an initial assessment within 7 days
Disclosure process:
- We follow coordinated disclosure with a 90 day window