Security

SECURITY.md

Security Policy

Supported Versions

Only the latest released version receives security updates. Older releases are not supported for security fixes.

Reporting a Vulnerability

If you believe you found a security vulnerability, report it privately by email:

Email: security@attentionfirst.dev
Do NOT open a public GitHub issue for security vulnerabilities

Include the following details in your report:

Description of the vulnerability
Steps to reproduce
Affected version
Potential impact

Response timeline:

We acknowledge reports within 48 hours
We provide an initial assessment within 7 days

Disclosure policy:

We follow coordinated disclosure with a 90 day window before public disclosure

There aren’t any published security advisories