We take the security of Specifai MCP Server seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly
- Email the details to hai-feedback@presidio.com.
- Provide a detailed description of the vulnerability
- Include steps to reproduce the issue
- Mention the version of the software where you found the vulnerability
- If possible, include suggestions for fixing the vulnerability
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a more detailed response within 7 days
- We will work with you to understand and address the issue
- We will keep you informed of our progress
- Once the vulnerability is fixed, we will publicly acknowledge your responsible disclosure (unless you prefer to remain anonymous)
- Keep the package updated: Always use the latest version of the Specifai MCP Server
- Validate inputs: When integrating with the server, ensure all inputs are properly validated
- Manage permissions: Ensure proper file system permissions are set for the project directory
- Secure your environment: Follow security best practices for your Node.js environment
The Specifai MCP Server implements several security measures:
- Input validation: All inputs are validated using Zod schemas
- Error handling: Proper error handling to prevent information leakage
- Dependency scanning: Regular scanning of dependencies for vulnerabilities
- Code reviews: All code changes undergo review before merging
When a security vulnerability is reported, we follow this disclosure process:
- The security team verifies the vulnerability
- We develop a fix and test it thoroughly
- We release a patch and notify users
- After users have had sufficient time to update, we may publish a security advisory
Thank you for helping keep Specifai MCP Server and its users safe!