This repository was archived by the owner on May 12, 2026. It is now read-only.

Security: TracineHQ/actions


Security policy

Supported versions

The latest minor release receives security fixes. The v1.x line is the current supported series.

Version    Supported
1.x        yes
< 1.0      no

Reporting a vulnerability

Do not open a public issue for security reports.

Use GitHub Private Vulnerability Reporting:

https://github.com/TracineHQ/actions/security/advisories/new

Please include:

  • A description of the issue and its impact.
  • Reproduction steps (workflow YAML, inputs, environment).
  • Affected version (@v1, @v1.0.0, or a specific commit SHA).
  • Contact info for follow-up.

Response targets

  • Acknowledgement: within 72 hours of report.
  • High-severity fix: within 30 days of triage.
  • Coordinated disclosure: roughly a 7-day public-update window after the fix lands, to give consumers time to repin before details become public.

Threat model

This repo ships composite GitHub Actions consumed by other workflows. The trust boundary is one-directional: callers grant this action access to their workspace and (transitively) their GITHUB_TOKEN permissions. The action does not mint tokens, call external networks, or write outside the caller's workspace.

Specific defenses:

  • All caller inputs (version, plugin-name, blurb, blurb-file, date) flow through env: into bash arrays — never string-interpolated into shell script text. Embedded shell metacharacters in a blurb reach bump.py as literal argv bytes.
  • version is validated against ^[0-9]+\.[0-9]+\.[0-9]+$ at the action boundary and again in bump.py. The leading v is stripped at the boundary; the strict form reaches the Python layer.
  • Multi-line outputs to $GITHUB_OUTPUT use a randomized heredoc delimiter generated per-step via openssl rand. This forecloses delimiter-smuggling attacks (CVE-2022-44769) regardless of input content.
  • Upstream actions (actions/setup-python) are SHA-pinned, not tag-floated, to prevent silent supply-chain rotations from reaching consumers. Dependabot tracks the pin.
  • bump.py is stdlib-only (tomllib, json, re, pathlib, argparse). No third-party Python imports at runtime.
  • Dev-only tooling (pytest, ruff, mypy) is pinned via uv.lock and installed with uv sync --frozen in CI. The lock is the contract: CI refuses to resolve unlisted versions, closing the typosquat / hijacked-upstream window between every CI run.
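The version check and the randomized $GITHUB_OUTPUT delimiter described above, sketched as an added example that is not this repository's code. The function names, the 16-byte delimiter size, and the simplified reader used to check the result are assumptions.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from TracineHQ/actions.
set -euo pipefail

# Strip one leading "v", then require the strict X.Y.Z form from the policy.
normalize_version() {
  local v="${1#v}" re='^[0-9]+\.[0-9]+\.[0-9]+$'
  [[ "$v" =~ $re ]] || return 1
  printf '%s\n' "$v"
}

# Fresh delimiter per call; 16 random bytes is an assumed size.
random_delim() {
  local hex
  hex="$(openssl rand -hex 16)" || return 1
  [[ ${#hex} -eq 32 ]] || return 1   # never fall back to a fixed delimiter
  printf 'ghadelim_%s\n' "$hex"
}

# Append name<<DELIM / value / DELIM to $GITHUB_OUTPUT.
write_output() {
  local name="$1" value="$2" delim
  delim="$(random_delim)" || return 1
  case "$value" in *"$delim"*) return 1 ;; esac   # refuse on collision
  {
    printf '%s<<%s\n' "$name" "$delim"
    printf '%s\n' "$value"
    printf '%s\n' "$delim"
  } >> "$GITHUB_OUTPUT"
}

# Simplified reader (assumption about the file format) listing defined names.
list_output_names() {
  local line delim="" multi='^([A-Za-z0-9_-]+)<<(.+)$' single='^([A-Za-z0-9_-]+)='
  while IFS= read -r line; do
    if [[ -n "$delim" ]]; then
      if [[ "$line" == "$delim" ]]; then delim=""; fi
    elif [[ "$line" =~ $multi ]]; then
      printf '%s\n' "${BASH_REMATCH[1]}"; delim="${BASH_REMATCH[2]}"
    elif [[ "$line" =~ $single ]]; then
      printf '%s\n' "${BASH_REMATCH[1]}"
    fi
  done < "$1"
}
```

A value that itself contains lines such as `EOF` or `extra=1` stays inside the one output, because it cannot know the delimiter chosen for that write.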

What's in scope

  • The composite actions under cut-release/ (and any future siblings).
  • bump.py and any other Python under each action's directory.
  • CI configuration in .github/workflows/.

What's out of scope

  • Issues in upstream actions (actions/setup-python, actions/checkout). File those upstream; link advisories here once available.
  • Bugs in caller workflows that misuse this action's outputs.
  • Vulnerabilities in the consumer's pyproject.toml, uv.lock, or CHANGELOG.md content — the action is a text rewriter, not a content validator.

Pinning recommendations

For supply-chain hygiene in security-sensitive workflows, pin this action's references to commit SHAs rather than the @v1 major-float tag. The @v1 ref is for convenience; the SHA is for assurance.
