Docfork

# Security Policy ## Supported Versions The following versions of Docfork MCP are currently supported with security updates: | Version | Supported | | ------- | --------- | | 1.0.x | ✅ | We strongly recommend always using the latest version (`docfork@latest`) to ensure you have the most recent security patches, features, and performance improvements. ## Reporting a Vulnerability We take the security of Docfork MCP seriously and appreciate your efforts to responsibly disclose your findings. ### How to Report **Please do NOT report security vulnerabilities through public GitHub issues.** To report a security vulnerability: 1. **Preferred**: Use [GitHub's private vulnerability reporting feature](https://github.com/docfork/docfork-mcp/security/advisories/new) to submit your report 2. **Alternative**: Email security concerns directly to **[support@docfork.com](mailto:support@docfork.com)** ### What to Include Please provide as much information as possible to help us understand and address the vulnerability: - Type of vulnerability and its potential impact - Full paths of source file(s) related to the vulnerability - Location of the affected code (tag/branch/commit or direct URL) - Step-by-step instructions to reproduce the issue - Proof-of-concept or exploit code (if available) - Any suggested fixes or mitigation strategies (optional but appreciated) ### What to Expect - **Initial Response**: We aim to acknowledge your report within 48 hours - **Status Updates**: You can expect progress updates every 5-7 business days - **Resolution Timeline**: We strive to resolve critical vulnerabilities within 30 days, with lower-severity issues addressed in subsequent releases ### After Reporting - If the vulnerability is accepted, we will work on a fix and coordinate disclosure timing with you - We will credit security researchers in our release notes and changelog (unless you prefer to remain anonymous) - If the report is declined, we will provide a detailed explanation of our decision ### Please Do Not - Disclose the vulnerability publicly before we have addressed it and coordinated disclosure - Exploit the vulnerability beyond what is necessary to demonstrate its existence - Access, modify, or delete data belonging to other users - Perform any attacks that could harm the reliability or integrity of our services ## Questions For general security questions (not vulnerabilities), you can: - Open a GitHub Discussion - Email us at [support@docfork.com](mailto:support@docfork.com) - Visit our documentation at [docs.docfork.com](https://docs.docfork.com) Thank you for helping keep Docfork and our community safe!