| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
We take the security of Google Workspace MCP seriously. If you believe you have found a security vulnerability, please follow these steps:
- DO NOT open a public issue on GitHub
- Email your findings to aaronsb@gmail.com
- Include detailed information about the vulnerability:
- Description of the issue
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
When you report a vulnerability:
- You'll receive acknowledgment of your report within 48 hours
- We'll investigate and provide an initial assessment within 5 business days
- We'll keep you informed about our progress
- Once the issue is resolved, we'll notify you and discuss public disclosure
- Security patches will be released as soon as possible after a vulnerability is confirmed
- Updates will be published through:
- NPM package updates
- Security advisories on GitHub
- Release notes in our changelog
When using Google Workspace MCP:
- Always use the latest version
- Keep your OAuth credentials secure
- Follow our security guidelines in the documentation
- Implement proper access controls
- Regularly audit your token usage
- Monitor API access logs
Google Workspace MCP includes several security features:
- Secure token storage
- OAuth 2.0 implementation
- Rate limiting
- Input validation
- Secure credential handling
- Public disclosure will be coordinated with the reporter
- We aim to release fixes before public disclosure
- Credit will be given to security researchers who report issues (unless they prefer to remain anonymous)
For security-related inquiries, contact:
- Email: aaronsb@gmail.com
- Subject line should start with [SECURITY]