# Security Policy ## Supported Versions | Version | Supported | | ------- | --------- | | 0.1.x | Yes | ## Reporting Please do **not** open a public issue for potential security problems. Use [GitHub Security Advisories](https://github.com/orca-svg/mcp-gateway-genui/security/advisories/new) to report privately, or email **leejunyeop@kaist.ac.kr** with the subject line `[mcp-gen-ui-gateway] Security Report`. Include: - A description of the problem and potential impact - Steps to reproduce - Affected versions We aim to acknowledge valid reports within 72 hours. For valid reports, we aim to provide a fix, mitigation, or written remediation plan within 14 days, and will coordinate a disclosure timeline with you. ## Domain-specific safety This project handles public-benefit information. Beyond conventional vulnerabilities, please also report: - Any path that could store sensitive identifiers (resident registration numbers, passwords, certificates, authentication tokens). - Any behavior that could be mistaken for definitive eligibility decisions, login, identity verification, or automated submission.