45 lines
1.6 KiB
Markdown
45 lines
1.6 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
The following versions of Context7 MCP are currently supported with security updates:
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 1.0.x | :white_check_mark: |
|
|
|
|
We recommend always using the latest version (`@upstash/context7-mcp@latest`) to ensure you have the most recent security patches and features.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
We take the security of Context7 seriously. If you discover a security vulnerability, please report it responsibly.
|
|
|
|
### How to Report
|
|
|
|
- Please use GitHub's [private vulnerability reporting](https://github.com/upstash/context7/security/advisories/new) feature to submit your report
|
|
- Alternatively, you can email security concerns to [context7@upstash.com](mailto:context7@upstash.com)
|
|
|
|
### What to Include
|
|
|
|
- A description of the vulnerability
|
|
- Steps to reproduce the issue
|
|
- Potential impact of the vulnerability
|
|
- Any suggested fixes (optional)
|
|
|
|
### What to Expect
|
|
|
|
- **Initial Response**: We aim to acknowledge your report within 48 hours
|
|
- **Status Updates**: You can expect updates on the progress every 5-7 business days
|
|
- **Resolution Timeline**: We strive to resolve critical vulnerabilities within 30 days
|
|
|
|
### After Reporting
|
|
|
|
- If the vulnerability is accepted, we will work on a fix and coordinate disclosure with you
|
|
- We will credit reporters in our release notes (unless you prefer to remain anonymous)
|
|
- If the report is declined, we will provide an explanation
|
|
|
|
### Please Do Not
|
|
|
|
- Disclose the vulnerability publicly before we have addressed it
|
|
- Exploit the vulnerability beyond what is necessary to demonstrate it
|