We provide security updates for the following versions:

| Version | Supported | Security Updates |
|---|---|---|
| 4.6.x | ✅ | Full support with regular updates |
| 4.5.x | | Critical security fixes only |
| 4.0.x | ❌ | No longer supported |
| < 4.0 | ❌ | No longer supported |

Recommendation: Always use the latest version (4.6.x) for the best security posture.

Please report security issues privately by email to: bert@telkom.be

Include:
- Description of the issue
- Steps to reproduce
- Potential impact

Response timeline:
- Acknowledgment: Within 24 hours
- Initial assessment: Within 72 hours
- Resolution: As soon as possible

Security measures:
- Input validation on all endpoints
- Parameterized database queries
- Rate limiting
- CORS configuration
- Regular dependency updates

Best practices:
- Use HTTPS in production
- Keep dependencies updated
- Use strong credentials
- Enable authentication
- Regular backups

Thank you for helping keep ProjectHub-MCP secure!