| Version | Supported |
|---|---|
| 1.0.x | Yes |
Do not report security vulnerabilities through public GitHub issues.
Instead, please use GitHub's private vulnerability reporting to disclose security issues responsibly.
- A description of the vulnerability
- Steps to reproduce
- The affected version (run
ccs --version) - Your OS and shell environment
- If applicable, a suggested fix
- Acknowledgment within 48 hours
- Initial assessment within 5 business days
- Fix or mitigation plan communicated as soon as the issue is confirmed
Security issues relevant to this project include:
- Accidental exposure of API keys or auth tokens in logs, output, or files
- Injection vulnerabilities in shell scripts (command injection via user input)
- Unsafe handling of temporary files
- Privilege escalation in install/uninstall scripts
General questions or non-sensitive bug reports should use the normal issue tracker.