We only support the latest version of TinaCMS. If you are experiencing a security issue and are not on the latest version, please update to the latest version to see if the issue persists.
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We take the security of TinaCMS seriously. If you believe you have found a security vulnerability in the latest version of TinaCMS, please report it to us as described below.
Do not report security vulnerabilities through public GitHub issues.
Please email us directly at [email protected].
You can also find our security contact details in our security.txt.
To help us triage and resolve the issue quickly, please include:
- The specific package(s) affected (e.g.,
tinacms,@tinacms/cli, etc.) - The version of the package where the vulnerability was found (must be the latest).
- A proof-of-concept or detailed steps to reproduce the issue.
- Any relevant configuration files (sanitized of secrets).
- We will acknowledge receipt of your report.
- We aim to provide a preliminary assessment or triage quickly.
- We will notify you when a fix has been released.
Thank you for helping keep TinaCMS safe!