| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |

Please do NOT open a public issue for security vulnerabilities.
Use GitHub Private Vulnerability Reporting to report security issues.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix release: As soon as practical
- Token storage and handling (`~/.config/velog-cli/credentials.json`)
- Network communication with velog.io API
- Authentication flow (JWT validation, token refresh)
- Command injection via user inputs
- Vulnerabilities in velog.io itself (report to velog.io directly)
- Issues requiring physical access to the user's machine