If you believe you have found a security vulnerability within Infracost, please let us know right away. We'll try and fix the problem as soon as possible.
Do not report vulnerabilities using public GitHub issues. Instead, email security@infracost.io with a detailed account of the issue. Please submit one issue per email, this helps us triage vulnerabilities.
Once we've received your email we'll keep you updated as we fix the vulnerability.
This repository contains the v1 release line of the Infracost CLI (versions 0.x). The v2 release line lives in infracost/cli and is covered by its own security policy.
The v1 line receives security patches only. Bug fixes and new features land in v2.
We release patches for security vulnerabilities as soon as they are found and fixed. Please refer to the below table to understand which CLI versions are eligible for security patches.
| Version | Supported |
|---|---|
| 0.10.x | ✅ |
| 0.9.x | ✅ |
| < 0.9.0 | ❌ |