Security fixes are applied to the latest mainline version of MikaCLI.
Please do not open public GitHub issues for security-sensitive bugs.
Use one of these private paths instead:
- Open a GitHub Security Advisory for this repository.
- If advisories are not enabled for you, contact the maintainer privately through GitHub and include:
- affected command or provider
- steps to reproduce
- impact
- suggested mitigation if you have one
- Never include live cookies, tokens, session exports, or QR state in bug reports.
- Redact account identifiers, personal data, and workspace URLs where possible.
- If a report needs headers or payloads, remove secrets before sharing.
Please report issues such as:
- authentication bypass
- session leakage
- unsafe local file writes
- command injection
- secret exposure in logs or outputs
- provider actions executing against the wrong account or workspace