| Version | Supported |
|---|---|
| 1.1.x | Yes |
| 1.0.x | Yes |
| 0.27.x | Yes (upgrade to 1.1.x recommended) |
| 0.12.x – 0.26.x | Best-effort only |
| < 0.12 | No |
Please do not open a public GitHub issue for security-sensitive reports.
Email the maintainer with:
- A description of the issue and impact
- Steps to reproduce
- Affected versions
We aim to acknowledge reports within a few business days and will coordinate a fix and disclosure timeline with you.
tick stores your Jira API token in ~/.config/tick/token or config.toml. Treat these files like passwords:
- Restrict file permissions (
chmod 600on the token file) - Prefer
TICK_TOKENin your shell environment for ephemeral sessions - Never commit tokens to git
tick writes per-view ticket JSON under ~/.config/tick/cache/. These files can contain issue summaries and metadata. Restrict directory permissions and treat the cache as sensitive on shared machines.