We actively patch only the most recent minor release of Cline. Older versions receive fixes at our discretion.

We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

The team will send a response indicating the next steps in handling your report. After the initial reply, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

When reporting, please include:

• A short summary of the issue
• Steps to reproduce or a proof of concept
• Any logs, stack traces, or screenshots that might help us understand the problem

We acknowledge reports within 48 hours and aim to release a fix or mitigation within 30 days. While we work on a resolution, please keep the details private.

If you do not receive an acknowledgement of your report within 5 business days, you may send an email to security@cline.bot.

Thank you for helping us keep Cline users safe.