We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| latest | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in SageMCP, please report it by emailing the maintainers directly rather than opening a public issue.
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)
We will acknowledge your email within 48 hours and send a more detailed response within 7 days indicating the next steps in handling your report.
After the initial reply to your report, we will keep you informed of the progress towards a fix and may ask for additional information.
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions
- Audit code to find similar problems
- Prepare fixes for all supported releases
- Release patches as soon as possible
Thank you for helping keep SageMCP and its users safe!