If you discover a security vulnerability in Rootline, please report it responsibly.
Do not open a public issue. Instead, email the maintainer directly or use GitHub's private vulnerability reporting.
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
You will receive acknowledgment within 48 hours and a detailed response within 7 days.
Rootline is a CLI tool that reads local files. Security concerns may include:
- Path traversal via .stemfile references
- Unsafe YAML parsing
- Command injection via hook scripts