Security Policy
Supported Versions
This section describes which versions of the Ultimate MkDocs documentation platform currently receive security updates.
Version | Supported |
---|---|
1.x.x | |
< 1.0 | |
Reporting a Vulnerability
We take the security of our documentation platform seriously. If you have discovered a security vulnerability, please follow these steps:
How to Report
- DO NOT open a public issue
- Email your findings to the project maintainers
- Include the following information:
  - Type of vulnerability
  - Full paths of source file(s) related to the vulnerability
  - The location of the affected source code
  - Any special configuration required to reproduce the issue
  - Step-by-step instructions to reproduce the issue
  - Proof-of-concept or exploit code (if possible)
  - Impact of the issue
What to Expect
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Initial Assessment: Within 7 days, we will provide an initial assessment of the vulnerability
- Resolution Timeline: We aim to resolve critical vulnerabilities within 30 days
- Communication: We will keep you informed about the progress of addressing the vulnerability
- Credit: We will credit you for the discovery in our release notes (unless you prefer to remain anonymous)
Security Best Practices
When using this documentation platform:
- Keep Dependencies Updated: Regularly update MkDocs and its dependencies
- Use HTTPS: Always serve documentation over HTTPS in production
- Access Control: Implement appropriate access controls for sensitive documentation
- Regular Audits: Perform regular security audits of your documentation infrastructure
- Secrets Management: Never commit secrets or API keys to documentation
Security Features
Our documentation platform includes:
- Content Security Policy (CSP) headers
- XSS protection
- CSRF protection for interactive features
- Secure cookie handling
- Input sanitization
Thank you for helping keep the Ultimate MkDocs documentation platform secure!