We take the security of Inkline and its generated output seriously. Thank you for helping keep the project and its users safe.
Inkline is pre-1.0 and under active development. Security fixes land on the latest published release of each package; older versions are not patched. Please upgrade to the latest version before reporting.
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Older releases | ❌ |
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately through GitHub's built-in advisory workflow:
- Go to the Security tab of the repository.
- Click "Report a vulnerability" to open a private advisory.
- Include a description, the affected package(s) and version(s), and a minimal reproduction.
This routes your report privately to the maintainers via GitHub private vulnerability reporting.
- Acknowledgement within 5 business days.
- An assessment and, if accepted, a fix timeline communicated through the advisory thread.
- Credit for the discloser once a fix is released, unless you prefer to remain anonymous.
Please give us a reasonable window to release a fix before any public disclosure.