This document explains which versions of imgcli receive security updates and
how to report vulnerabilities privately.
imgcli has not published a supported release yet. Until the first release, use
the default branch as the only supported development line.
Report vulnerabilities privately through GitHub private vulnerability reporting.
Do not use public GitHub issues, pull requests, discussions, chat channels, or other public forums for vulnerability reports.
When reporting a vulnerability, include as much of the following as possible:
- affected version, commit, or deployment identifier
- a description of the issue and the security impact
- steps to reproduce or a minimal proof of concept
- any relevant logs, screenshots, or traces
- any suggested mitigations or fixes, if available