Currently, only the latest release on the main branch is supported with security updates.
| Version | Supported |
|---|---|
main |
✅ |
< 1.0 |
❌ |
We take the security of MemMCP incredibly seriously. Because this toolkit orchestrates memory for autonomous agent swarms, any vulnerability that allows for Indirect Prompt Injection, context poisoning, or arbitrary execution is treated as a critical, severity-1 incident.
DO NOT report security vulnerabilities via public GitHub issues.
Instead, please email vulnerabilities directly to the maintainers or use GitHub's private vulnerability reporting feature.
Please include:
- A description of the vulnerability.
- The exact steps to reproduce it.
- The potential impact (e.g., "Allows an attacker to bypass the XML RAG boundaries").
We will acknowledge receipt of your vulnerability report within 48 hours and strive to issue a patch and security advisory as rapidly as possible.