If you discover a security issue, please report it privately instead of opening a public GitHub issue.
- Open a private security advisory in this repository, or
- Contact the maintainers directly with:
  - affected versions/commit
  - reproduction steps
  - impact assessment
  - suggested fix (if available)

We will acknowledge reports as quickly as possible and keep you updated during triage and remediation.

Security-relevant areas include:
- authentication and API key handling
- encryption and secret storage
- MCP endpoint authorization
- generic REST integration safeguards (SSRF/path traversal protections)

Please allow time for a fix before public disclosure. Once resolved, we will document the fix and credit reporters when appropriate.