Do not open public issues for security vulnerabilities.
Please report vulnerabilities via GitHub Security Advisories.
You will receive an acknowledgment within 48 hours and a detailed response within 7 days.
| Version | Supported |
|---|---|
| 0.3.x | Yes |
| < 0.3 | No |
mcp-zuul implements the following security measures:
- Auth token protection:
_BearerAuth(httpx Auth subclass) on the API client. httpx strips Authorization headers on cross-origin redirects. Log fetches use a separate unauthenticated client (log_client) as defense-in-depth. - Kerberos session safety:
asyncio.Lockserializes re-authentication to prevent concurrent session corruption. - Streaming size caps: Log downloads are capped at 10 MB (
stream_log) and 20 MB (fetch_log_url) via streaming to prevent memory exhaustion. - XML safety: JUnit XML parsing uses
defusedxml(not stdlibxml.etree.ElementTree) to prevent entity expansion attacks on untrusted test artifacts. - Path traversal protection:
safepath()rejects..segments in URL paths.browse_build_logsandget_build_logvalidatelog_nameandpathparameters. - Regex timeout: User-supplied grep patterns run in a thread executor with a 10-second timeout to prevent catastrophic backtracking.
- Read-only by default: Write tools (enqueue, dequeue, autohold) are removed from the server entirely when
ZUUL_READ_ONLY=true(default). LLMs cannot invoke tools that don't exist. - Input validation: All user-facing parameters are validated before use. Limits enforced on pagination (max 100), log lines (max 500), and response sizes.
- Never hardcode
ZUUL_AUTH_TOKENin config files — use environment variables - Use
ZUUL_VERIFY_SSL=true(default) in production - Keep
ZUUL_READ_ONLY=true(default) unless write operations are explicitly needed - For Docker, forward tokens without values:
-e ZUUL_AUTH_TOKEN(inherits from host) - Use
ZUUL_ENABLED_TOOLSto restrict tool exposure to only what's needed