A GitHub Issue Title Compromised 4,000 Developer Machines (grith.ai)

https://lwn.net/Articles/1061548/

@lwn I love the timeline of initial disclosure to Cline:
https://adnanthekhan.com/posts/clinejection/#timeline

"January 1st, 2026: GHSA submitted via private vulnerability reporting on github.com/cline/cline. Same day, email sent to security@cline.bot ...

January 8th, 2026: Follow-up email sent ... No response received to my email.

January 18th, 2026: Attempted direct message to Cline’s CEO on X with request to review the GHSA containing technical details. No response.

February 7th, 2026: Final attempt — new email to security@cline.bot, no response...

February 9th, 2026: Public disclosure via blog post."

Can we agree that Cline screwed up so badly they should never be trusted again as a software vendor? Ah, who am I kidding, that's probably SW workflows managed by AI, so no one cares...