We provide security updates for the following versions of calibre-mcp:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security vulnerability in calibre-mcp, report it privately rather than in a public issue or pull request, so that it cannot be exploited before a fix is available. To do so:
Send an email to: security@example.com
Include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (if available)
Response timeline:
- Initial response: within 48 hours
- Status update: within 7 days
- Resolution: within 30 days (depending on complexity)
What to expect after reporting:
- We will acknowledge receipt of your report
- We will investigate the vulnerability
- We will provide regular updates on our progress
- We will coordinate the release of fixes with you
- We will credit you in our security advisories (unless you prefer to remain anonymous)
Recommendations for users:
- Keep calibre-mcp updated to the latest version
- Use strong authentication for your Calibre server
- Limit network access to your Calibre server (for example, bind it to localhost or a trusted network rather than exposing it to the internet)
- Keep regular backups of your library data
- Monitor access logs for suspicious activity
Guidelines for contributors:
- Input validation: validate every user-supplied value (type, length, allowed characters) before it reaches the database or filesystem
- SQL injection prevention: use parameterized queries; never build SQL by string concatenation or formatting
- Authentication: implement proper authentication checks on every entry point
- Authorization: verify the caller's permissions for every operation, not just at login
- Error handling: do not expose sensitive information (paths, credentials, stack traces) in error messages
calibre-mcp includes several security features:
- Input sanitization for all user inputs
- SQL injection protection through parameterized queries
- Authentication support for Calibre server access
- Rate limiting to prevent abuse
- Error handling that doesn't expose sensitive data
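As an added illustration of the parameterized-query guidance for contributors and the SQL injection protection listed among the features, the following shows a vulnerable title search beside its hardened form. This is example code written for this page, not calibre-mcp's own implementation; it assumes a Python server querying an SQLite database shaped like Calibre's `metadata.db`, and the three-row `books` table is constructed inline. Note that binding the parameter alone is not enough for a `LIKE` search: `%` and `_` in user input still act as wildcards unless escaped.

```python
import sqlite3
from typing import List


# Constructed sample library: a cut-down `books` table shaped like the one in
# Calibre's metadata.db. Example code for this page, not calibre-mcp's own.
def make_library() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT NOT NULL, author_sort TEXT)"
    )
    conn.executemany(
        "INSERT INTO books (title, author_sort) VALUES (?, ?)",
        [
            ("Dune", "Herbert, Frank"),
            ("Neuromancer", "Gibson, William"),
            ("Snow Crash", "Stephenson, Neal"),
        ],
    )
    return conn


def search_titles_vulnerable(conn: sqlite3.Connection, term: str) -> List[str]:
    """Anti-pattern: the search term is spliced into the SQL text.

    A term such as  x' OR 1=1 --  rewrites the WHERE clause and comments out
    the rest of the statement, so every row comes back.
    """
    sql = f"SELECT title FROM books WHERE title LIKE '%{term}%' ORDER BY title"
    return [row[0] for row in conn.execute(sql)]


def _escape_like(term: str) -> str:
    """Escape LIKE metacharacters so user input matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_titles(conn: sqlite3.Connection, term: str) -> List[str]:
    """Hardened: the term is bound as a parameter, never parsed as SQL.

    Binding stops injection, but '%' and '_' inside the term would still be
    wildcards, so they are escaped and the ESCAPE clause names the escape
    character for SQLite.
    """
    pattern = f"%{_escape_like(term)}%"
    rows = conn.execute(
        "SELECT title FROM books WHERE title LIKE ? ESCAPE '\\' ORDER BY title",
        (pattern,),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_library()
    payload = "x' OR 1=1 --"
    print("vulnerable:", search_titles_vulnerable(db, payload))  # every title
    print("hardened:  ", search_titles(db, payload))  # []
    print("wildcard:  ", search_titles(db, "%"))  # [] (literal '%' only)
```

The same pattern applies to any other column a tool exposes for searching (authors, tags, series): bind the value, escape `LIKE` metacharacters, and keep column and table names out of user control entirely, since those cannot be bound as parameters.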
We regularly audit our dependencies for security vulnerabilities:
- Automated scanning with Dependabot
- Manual reviews of critical dependencies
- Regular updates to latest secure versions
- Security-focused dependency choices
Disclosure policy:
- Vulnerabilities are disclosed publicly only after fixes are available
- We coordinate disclosure with the reporting security researchers
- Public disclosure includes:
  - Description of the vulnerability
  - Impact assessment
  - Mitigation steps
  - Credit to researchers (with permission)
For security-related questions or concerns:
- Email: security@example.com
- Response Time: Within 48 hours
Last Updated: 2025-01-21
Next Review: 2025-04-21