Only the latest release is supported with security updates.
Do not open a public issue for security vulnerabilities.
Use GitHub's private vulnerability reporting:
- Go to the Security tab
- Click "Report a vulnerability"
- Provide details about the issue
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Security issues include:
- Arbitrary code execution
- Path traversal
- Credential exposure
- Command injection
Normal functionality (like deleting your own worktrees) is not a security issue.
We aim to respond within 7 days and will work with you to understand and address the issue.