| Version | Supported |
|---|---|
| 0.14.x | ✅ |
| < 0.14 | ❌ |

Please do not open a public GitHub issue for security vulnerabilities.
Instead, use GitHub's private vulnerability reporting: Report a vulnerability

We will acknowledge your report within 72 hours and work with you on a coordinated disclosure.

- 72 hours: Initial acknowledgment of your report
- 7 days: Assessment and initial response
- 30 days: Target for patch release (if applicable)

- API Tokens
  - Never commit tokens to version control
  - Rotate tokens regularly
  - Use minimal required permissions
- Environment Variables
  - Keep .env files secure and private
  - Use separate tokens for development/production
- Access Control
  - Regularly audit Confluence space access
  - Follow principle of least privilege
- OAuth Client Credentials
  - Never share your client secret publicly
  - Be aware that printing client secrets to console output poses a security risk
  - Console output can be logged, screen-captured, or viewed by others with access to your environment
  - If client secrets are exposed, regenerate them immediately in your Atlassian developer console
  - Consider using environment variables or secure credential storage instead of direct console output