The latest released version of the Shots plugin and hosted MCP server is supported. Older plugin revisions may stop receiving fixes after a newer release is available.
Please email security@hitslop.com with security reports. Include the affected component, reproduction steps, impact, and any relevant request ids or logs that do not contain secrets.
We aim to acknowledge reports within 2 business days and provide a remediation plan or status update within 7 business days for confirmed issues.
Do not include private Shots Studio data, OAuth tokens, bearer tokens, API keys, or user content in public issues.