Currently supported versions with security updates:

We take the security of document-reader-mcp seriously. If you discover a security vulnerability, please follow these steps:

Security vulnerabilities should not be disclosed publicly until a fix is available.

Please report security vulnerabilities by:

• Opening a GitHub Security Advisory
• Or emailing the maintainers directly (check GitHub profile for contact)

In your report, please include:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact
• Suggested fix (if you have one)
• Your contact information for follow-up

We aim to:

• Acknowledge receipt within 48 hours
• Provide an initial assessment within 7 days
• Release a fix within 30 days for critical issues

We request that you:

• Give us reasonable time to address the issue
• Do not publicly disclose the vulnerability until we release a fix
• Do not exploit the vulnerability maliciously

⚠️ Important: This MCP server reads files from the local filesystem. Be aware:

• Do NOT expose to untrusted networks: This server is designed for local use only
• Trusted environments only: Use only with trusted MCP clients (e.g., Cursor IDE, Claude Desktop)
• No authentication: There is no built-in authentication mechanism
• Rate limiting: Rate limits are per-process, not per-user
• Path validation: File paths are validated but expanded with os.path.expanduser()

• Maximum file size: 100 MB (enforced to prevent resource exhaustion)
• This limit cannot be bypassed without code modification

• Default: 60 requests per minute per process
• Configurable via DOC_READER_RATE_LIMIT_PER_MINUTE environment variable
• Not suitable for multi-user or high-security environments

We use well-established libraries:

• fastmcp for MCP protocol implementation
• pdfminer.six for PDF processing
• openpyxl for Excel files
• python-docx for Word documents

All dependencies are specified with minimum versions in requirements.txt.

When deploying this server:

1. Isolation: Run in an isolated environment (container, VM, or sandboxed process)
2. Least Privilege: Run with minimal file system permissions
3. Network Isolation: Do not expose stdio interface to network sockets
4. Input Validation: The server validates file paths and sizes, but be aware of the files it can access
5. Monitoring: Monitor rate limiting and resource usage
6. Updates: Keep dependencies updated to receive security patches

• No user authentication or authorization
• Rate limiting is process-wide, not per-user
• File access is limited only by OS permissions of the running process
• No sandboxing of document parsers (relies on underlying libraries)

Security updates will be announced via:

• GitHub Security Advisories
• Release notes in CHANGELOG.md
• GitHub Releases page

For non-security-related questions about this policy, please open a regular GitHub issue.