The following versions of MCP-Agent-Graph are currently supported with security updates:

We take the security of MCP-Agent-Graph seriously. If you believe you've found a security vulnerability, please follow these steps:

1. Do not disclose the vulnerability publicly - Please don't create a GitHub issue for security vulnerabilities.

2. Email us directly - Send details of the vulnerability to cloudstarai@163.com. Include as much information as possible, such as:

   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

3. Response timeline:

   • We will acknowledge receipt of your vulnerability report within 48 hours.
   • We'll provide a detailed response within 7 days, including our assessment and next steps.
   • We'll keep you informed about our progress in addressing the issue.

4. Disclosure process:

   • Once the vulnerability is confirmed and fixed, we'll work with you to determine an appropriate disclosure timeline.
   • We'll credit you in the security advisory unless you prefer to remain anonymous.

When using MCP-Agent-Graph in your environment:

1. Keep the software updated to the latest supported version.
2. Use secure API keys and credentials, never hardcoding them in your configuration.
3. Run the application with minimal required permissions.
4. Regularly audit your configuration files and deployment.

Thank you for helping keep MCP-Agent-Graph and its users secure!