| Version | Supported |
|---|---|
| 0.0.x | ✅ |

If you discover a security vulnerability in Midnight MCP, please report it responsibly:

- Do NOT open a public GitHub issue
- Email the maintainer directly or use GitHub's private vulnerability reporting
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes

We will respond within 48 hours and work with you to resolve the issue.

- Never commit API keys to the repository
- Use environment variables for sensitive data
- The `.env` file is gitignored by default
- Use tokens with minimal required permissions
- `public_repo` scope is sufficient for most operations
- Consider using fine-grained tokens
- If running ChromaDB, secure it appropriately
- Don't expose ChromaDB ports publicly without authentication

We regularly update dependencies to patch known vulnerabilities. Run `npm audit` to check for issues.