We release security updates for the following versions of DocuMCP:
| Version | Supported | 
|---|---|
| 1.x.x | ✅ | 
| < 1.0 | ❌ | 
We take the security of DocuMCP seriously. If you believe you have found a security vulnerability, please follow these steps:
- Please do not disclose the vulnerability publicly until we have had time to investigate and provide a fix.
- Email your findings to [[email protected]] or create a private security advisory on GitHub.
Please provide:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
- Your contact information
We will:
- Acknowledge receipt within 48 hours
- Provide a preliminary assessment within 3 business days
- Keep you informed of our progress
- Work with you on public disclosure timing
We recommend that users:
- Keep your DocuMCP installation up to date
- Review and understand the permissions required
- Use secure communication channels
- Regularly audit your documentation deployment workflows
We recommend that developers:
- Follow secure coding practices
- Use dependency scanning tools
- Conduct regular security reviews of code
- Implement proper input validation
- Keep dependencies updated
DocuMCP operates as a Model Context Protocol server. Please ensure:
- Proper authentication and authorization for MCP connections
- Secure transport layer (TLS/SSL) for network communications
- Regular review of MCP client permissions
When using DocuMCP for documentation deployment:
- Review generated GitHub Actions workflows
- Ensure proper secret management
- Validate deployment configurations
- Monitor deployment logs for anomalies
We regularly monitor our dependencies for security vulnerabilities:
- Automated dependency scanning with GitHub Dependabot
- Regular security updates
- Pinned dependency versions for stability
In case of a security incident:
- Contain: Isolate affected systems
- Assess: Determine scope and impact
- Fix: Develop and deploy patches
- Communicate: Notify affected users
- Learn: Conduct post-mortem analysis
For security-related concerns:
- Email: [email protected]
- PGP Key: [Available upon request]
- Response Time: Within 48 hours for initial response
We thank security researchers and users who help us keep DocuMCP secure through responsible disclosure.