| Version | Supported |
|---|---|
| Latest release | Yes |
Email fnpaladini@gmail.com with:
- Description of the issue
- Steps to reproduce
- Affected version
- Impact assessment (if known)
Please do not open public issues for undisclosed security vulnerabilities.
DevUtils runs locally via npx -y devutils-mcp-server. The plugin wrapper does not add network endpoints or collect user data.
Security-relevant areas:
- Input validation in MCP tool handlers (devutils-mcp-server)
- Docker image hardening
- Dependency updates
Expect an initial reply within 7 days. Fixes are released via npm and GitHub tags.