Chroma MCP Server

# Security Policy ## Supported Versions We currently support the following versions of Chroma MCP Server with security updates: | Version | Supported | | ------- | ------------------ | | 0.1.x | :white_check_mark: | ## Reporting a Vulnerability We take the security of Chroma MCP Server seriously. If you believe you've found a security vulnerability, please follow these guidelines for responsible disclosure: ### How to Report Please **DO NOT** report security vulnerabilities through public GitHub issues. Instead, please report them via email to: - `info@noldcoaching.de` Please include the following information in your report: 1. Description of the vulnerability 2. Steps to reproduce the issue 3. Potential impact of the vulnerability 4. Any suggested mitigations (if available) ### What to Expect After you report a vulnerability: - You'll receive acknowledgment of your report within 48 hours. - We'll provide an initial assessment of the report within 5 business days. - We aim to validate and respond to reports as quickly as possible, typically within 10 business days. - We'll keep you informed about our progress addressing the issue. ### Disclosure Policy - Please give us a reasonable time to address the issue before any public disclosure. - We will coordinate with you to ensure that a fix is available before any disclosure. - We will acknowledge your contribution in our release notes (unless you prefer to remain anonymous). ## Security Best Practices When using Chroma MCP Server in your environment: - Keep your installation updated with the latest releases. - Restrict access to the server and its API endpoints. - Use strong authentication mechanisms when exposing the service. - Implement proper input validation for all data sent to the service. - Monitor logs for unexpected access patterns. Thank you for helping keep Chroma MCP Server and our users secure!