We actively support the following versions of Living Documentation Generator:
| Version | Supported |
|---|---|
| 0.1.x | β |
We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:
DO NOT create a public GitHub issue for security vulnerabilities.
Instead, please report security vulnerabilities by emailing: [sgharlow@gmail.com]
Include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (if available)
- Acknowledgment: We'll acknowledge receipt within 48 hours
- Initial Assessment: We'll provide an initial assessment within 5 business days
- Updates: We'll keep you informed of our progress
- Resolution: We aim to resolve critical issues within 30 days
When using Living Documentation Generator:
- Keep Updated: Always use the latest version
- Secure Configuration: Review MCP server configuration
- File Permissions: Ensure proper file system permissions
- Network Security: Run on trusted networks only
- Input Validation: All file paths and content are validated
- Sandboxing: Code analysis runs in isolated contexts
- No Code Execution: Analyzers parse code without execution
- Dependency Security: Regular dependency updates and audits
Living Documentation Generator includes several security measures:
- Path Sanitization: Prevents directory traversal attacks
- Content Filtering: Sanitizes user-generated content
- Size Limits: Prevents resource exhaustion attacks
- No Remote Code Execution: Static analysis only
- Local Operation: No external network dependencies required
The following are generally considered out of scope:
- Issues in third-party dependencies (report to respective maintainers)
- Social engineering attacks
- Physical access to systems
- Denial of service through resource exhaustion (unless critical)
When contributing code:
- Validate all user inputs
- Sanitize file paths and content
- Avoid executing user-provided code
- Use secure defaults in configuration
- Add security tests for new features
- Review dependencies for known vulnerabilities
Security updates will be:
- Released as patch versions (e.g., 0.1.1 β 0.1.2)
- Documented in release notes
- Announced through GitHub security advisories
- Backported to supported versions when possible
Thank you for helping keep Living Documentation Generator secure! π