| Version | Supported |
|---|---|
| 2.4.x | ✅ |
| 2.3.x | ❌ |
| < 2.3 | ❌ |

This server handles agent memory and coordination data for AI systems. Key security considerations:
- All memory data is stored locally in the filesystem
- MongoDB authentication should be configured for production deployments
- No encryption at rest by default - use filesystem-level encryption for sensitive data
- All user inputs are sanitized to prevent XSS attacks
- Agent identifiers are validated and normalized
- Project identifiers follow strict format validation
- Server runs locally by default (not exposed publicly)
- API endpoints have no built-in authentication (for remote access, add a reverse proxy that enforces authentication)
- Use environment variables for sensitive configuration

Do NOT report security issues via public GitHub issues.

For security concerns, contact: contact@coderooz.in

Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Any suggested fixes (optional)

Response timeline:
- Initial response: Within 48 hours
- Assessment: Within 7 days
- Fix timeline: Depends on severity (critical: ASAP, moderate: next release)

In scope:
- MCP protocol handling
- Agent registry and coordination
- Memory storage and retrieval
- Configuration management

Out of scope:
- Client-side vulnerabilities
- Social engineering attacks
- Denial of service from resource exhaustion (configure appropriate limits)