Security fixes target the latest released logister-cli version.
Open a private security advisory on GitHub or contact the maintainer through the security channel listed on the Logister project page. Do not open public issues with exploit details, tokens, private telemetry, or customer payloads.
- Do not use project ingest API keys for CLI read access.
- Store CLI tokens outside source control.
- Prefer short-lived, scoped, project-limited tokens.
- Use
logister auth logoutto remove a saved token from the local profile. - Use
LOGISTER_TOKENonly for short-lived automation environments.
The CLI redacts sensitive-looking keys by default, including passwords, tokens, API keys, authorization headers, cookies, raw email fields, SSNs, and card verification fields. Redaction is a safety net, not a substitute for server-side minimization.