Only the latest release is supported with security updates.
Report security vulnerabilities by email to security@attentionfirst.dev.
Do not open a public GitHub issue for security vulnerabilities.
Please include:
- A clear description of the vulnerability
- Steps to reproduce
- The affected version
- The potential impact
Response timelines:
- Acknowledgment within 48 hours
- Initial assessment within 7 days
We follow coordinated disclosure with a 90 day window before public disclosure.