Jamespohalloran

#30629 of 53,632
8.6 Total CVSS
Vulnerabilities · 1
PT-2023-19949
8.6
2023-02-08
Algolia · Algolia · CVE-2023-25164
**Name of the Vulnerable Software and Affected Versions**

@tinacms/cli versions 1.0.0 through 1.0.8

**Description**

Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli that store sensitive values in the `process.env` variable are impacted, as these values will be added in plaintext to the index.js file. If a Tina-enabled website has sensitive credentials stored as environment variables, such as Algolia API keys, users should rotate those keys immediately.

**Recommendations**

For @tinacms/cli versions 1.0.0 through 1.0.8, upgrade to @tinacms/cli@1.0.9 to patch the issue. Rotate sensitive credentials stored as environment variables, such as Algolia API keys, immediately.