We release patches for security vulnerabilities. Currently supported versions:

We take the security of CLI Todo App seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via one of the following methods:

1. GitHub Security Advisory: Use the Security Advisory feature
2. Email: Send details to the repository maintainer (check GitHub profile for contact)

• Type of vulnerability
• Full paths of source file(s) related to the vulnerability
• Location of the affected source code (tag/branch/commit or direct URL)
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the vulnerability, including how an attacker might exploit it

• Acknowledgment: We'll acknowledge your report within 48 hours
• Updates: We'll provide regular updates on our progress
• Timeline: We aim to release a fix within 30 days for critical issues
• Credit: We'll credit you in the security advisory (unless you prefer to remain anonymous)

• All task data is stored locally in data/tasks.dat
• No data is transmitted over the network
• File permissions should be set appropriately by the user

• All user inputs are validated before processing
• Integer overflow protection in place
• String length limits enforced

1. File System Access: The application requires write access to the data/ directory
2. No Encryption: Task data is stored in plain text format
3. Local Only: This is a single-user, local application with no authentication

1. File Permissions: Ensure proper file permissions on data/tasks.dat

   chmod 600 data/tasks.dat

2. Sensitive Data: Avoid storing highly sensitive information in task descriptions

3. Updates: Keep the application updated to the latest version

4. Verification: Always verify downloaded binaries using the provided checksums

   sha256sum -c checksums.txt

Security updates will be released as patch versions (e.g., 1.0.1) and announced in:

• GitHub Releases
• Security Advisories
• Repository README

This security policy applies to:

• The CLI Todo App source code
• Official binary releases
• Documentation

It does not apply to:

• Third-party forks
• User modifications
• Unofficial builds

For security-related questions that are not vulnerabilities, please open a regular GitHub issue with the security label.

We appreciate the security research community and will acknowledge researchers who responsibly disclose vulnerabilities to us.

Last Updated: January 2025