We take the security of the DeepL MCP Server seriously. If you discover a security vulnerability within this project, please report it to us as soon as possible. We appreciate your efforts to responsibly disclose your findings.

Please do NOT open a public GitHub issue for security vulnerabilities.

Instead, please send an email to [[email protected]]

In your report, please include:

• A clear and concise description of the vulnerability.
• Steps to reproduce the vulnerability.
• The potential impact of the vulnerability.
• Any suggested mitigations or fixes (if applicable).

We will acknowledge your report within 24-48 hours and provide a more detailed response within a reasonable timeframe.

As this is a community-driven project, we aim to address security vulnerabilities in the latest release. We encourage users to always use the most recent version of the DeepL MCP Server to ensure they have the latest security patches.

• API Key Security: Your DeepL API key is sensitive information. Do not expose it in public repositories or client-side code. Use environment variables or secure configuration management for storing and accessing the API key.
• Network Security: When deploying the server, ensure it is running in a secure environment. Limit network access to only trusted sources and consider using firewalls and other security measures.
• Keep Dependencies Updated: Regularly update the project's dependencies to benefit from security fixes in underlying libraries.

Thank you for helping to keep the DeepL MCP Server secure.