I’m using the latest cursor version.
Before when i was configuring the .gitignore and .cursorignore files, the composer/AIPane did interact with them.
Lately, I saw cursor multiple times over and over reading files explicitly written within these ignore files!
This may include .env / .envlocal files which can contain sensitive data and keys!
This is a critical security and privacy issue which MUST be address promptly!
Hi @ShAILelchuk
Why are you so sure about that? I just checked, and Cursor didn’t index anything in my ignored files. Could you confirm this with a screenshot or something else?
I’m sure about that because:
1.It clearly stated to
2. It kept re-updating my .env and .envlocal files over and over
3. It alerted me that it has access to those files and they may contain sensitive information!
I’m pretty sure. If I add vendor/ and I do a cmd + L for chat, and i ask a question will all my tabs closed. it is still pulling the vendor/ folders into the context. It’s a huge problem.
I believe .gitignore-ed files (like .cursorignore-d` files) can “still be included in AI requests, such as if you recently viewed a file and then ask a question in the chat.” And whether your tabs are open may not be the logic that determines “recently viewed a file”.
- While a
‘.cursorignore’file can prevent files from being indexed, those files may still be included in AI requests, such as if you recently viewed a file and then ask a question in the chat. […]
I raise related security concerns in Security Concerns with .gitignore, .cursorignore, .cursorban .
Cursor Tab is also active on these files.
How can they not be included since Cursor Tab is not a local model?