This fork expects security reports to be handled through GitHub's private vulnerability reporting for the repository when it is enabled.
Please do not open a public issue for a suspected vulnerability.
Preferred channel:
- GitHub repository Security tab and private vulnerability reporting: https://github.com/ceratops-code/hub-mcp/security/advisories/new
If private vulnerability reporting is not enabled for the fork yet, contact the fork maintainers through a private channel before disclosing details publicly.
After receiving the report, maintainers should triage the issue privately, confirm impact, prepare a fix, and coordinate disclosure timing before public release notes are published.
When possible, publish the fix together with a GitHub advisory or release note that explains affected versions and remediation steps.
Security reports are appreciated. No bounty program is promised by default for this fork.
If this fork is regularly rebased on upstream docker/hub-mcp, maintainers should also review upstream Docker security advisories and patch notices.