AllBlue provides security updates and support for the following major versions:

Because AllBlue operates on sensitive digital forensics data, any vulnerability that allows for evidence spoliation (the modification or deletion of original case data) is treated as a critical severity issue.

If you discover a vulnerability, an execution loophole, or a prompt injection method that bypasses the Custom MCP Server's type-safety constraints, please do not open a public issue.

Instead, reach out directly to the maintainers via the project's primary contact method outlined in the repository. You can expect an initial acknowledgment within 48 hours, followed by a timeline for a patch. Once the patch is merged and tested against the Protocol SIFT baseline, a public disclosure will be made.