Skip to content

Security: hitSlop/shots

Security

SECURITY.md

Security Policy

Supported Versions

The latest released version of the Shots plugin and hosted MCP server is supported. Older plugin revisions may stop receiving fixes after a newer release is available.

Reporting a Vulnerability

Please email security@hitslop.com with security reports. Include the affected component, reproduction steps, impact, and any relevant request ids or logs that do not contain secrets.

We aim to acknowledge reports within 2 business days and provide a remediation plan or status update within 7 business days for confirmed issues.

Do not include private Shots Studio data, OAuth tokens, bearer tokens, API keys, or user content in public issues.

There aren't any published security advisories