Context7 MCP

# Security Policy ## Supported Versions The following versions of Context7 MCP are currently supported with security updates: | Version | Supported | | ------- | ------------------ | | 1.0.x | :white_check_mark: | We recommend always using the latest version (`@upstash/context7-mcp@latest`) to ensure you have the most recent security patches and features. ## Reporting a Vulnerability We take the security of Context7 seriously. If you discover a security vulnerability, please report it responsibly. ### How to Report - Please use GitHub's [private vulnerability reporting](https://github.com/upstash/context7/security/advisories/new) feature to submit your report - Alternatively, you can email security concerns to [context7@upstash.com](mailto:context7@upstash.com) ### What to Include - A description of the vulnerability - Steps to reproduce the issue - Potential impact of the vulnerability - Any suggested fixes (optional) ### What to Expect - **Initial Response**: We aim to acknowledge your report within 48 hours - **Status Updates**: You can expect updates on the progress every 5-7 business days - **Resolution Timeline**: We strive to resolve critical vulnerabilities within 30 days ### After Reporting - If the vulnerability is accepted, we will work on a fix and coordinate disclosure with you - We will credit reporters in our release notes (unless you prefer to remain anonymous) - If the report is declined, we will provide an explanation ### Please Do Not - Disclose the vulnerability publicly before we have addressed it - Exploit the vulnerability beyond what is necessary to demonstrate it