| Version | Supported |
|---|---|
| 0.1.x | Yes |

Do not open a public issue for security vulnerabilities.
If you discover a security vulnerability in mcpmux, please report it privately through one of these channels:
- GitHub Security Advisories: Report a vulnerability
- Email: omerayhan@outlook.com
Please include:
- A description of the vulnerability
- Steps to reproduce or a proof of concept
- The potential impact
- Suggested fix (if you have one)
Response timeline:
- Acknowledgment: Within 48 hours of your report
- Assessment: Within 5 business days
- Fix (critical): Target release within 7 days
- Fix (non-critical): Included in the next scheduled release
The following are considered security issues:
- Upstream credential exposure through the gateway
- Tool injection or unauthorized tool execution
- Config parsing exploits (path traversal, code injection)
- Bypassing `excludeTools` or `allowHighRisk: false` filtering
- Denial of service through crafted queries
We follow coordinated disclosure. Once a fix is released, we will:
- Publish a GitHub Security Advisory
- Credit the reporter (unless they prefer to remain anonymous)
- Include details in the changelog