Thank you for helping keep the Model Context Protocol and its ecosystem secure.
Security fixes are released for the most recent stable (v1.x) release line.
v2 pre-releases (2.0.0aN, …) are development snapshots: fixes land only in
the newest pre-release, and already-published pre-releases are not patched. If
you are testing the v2 line, track the latest pre-release; for production use,
stay on the latest stable release.
If you discover a security vulnerability in this repository, please report it through the GitHub Security Advisory process for this repository.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
To help us triage and respond quickly, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (optional)