docs: add vulnerability reporting section to MCP security pages#5114
docs: add vulnerability reporting section to MCP security pages#5114iris-clawd wants to merge 1 commit intomainfrom
Conversation
|
Preview deployment for your docs. Learn more about Mintlify Previews.
|
Create a dedicated Security Policy page (docs/{en,pt-BR,ko,ar}/security.mdx)
with vulnerability reporting instructions pointing to the Bugcrowd VDP
(crewai-vdp-ess@submit.bugcrowd.com), consistent with the updated security
policy from PR #5096.
The page is added to the Documentation tab navigation (after Telemetry)
across all versions and languages in docs.json.
This is a top-level security page, not buried inside MCP docs.
iris-clawd
force-pushed
the
docs/add-vulnerability-reporting-section
branch
from
b71b730 to
2aa9942
Compare
There was a problem hiding this comment.
Pull request overview
Adds a “Reporting Security Vulnerabilities” section to the MCP security docs in multiple locales, and introduces new localized top-level “Security Policy” pages that direct users to Bugcrowd for vulnerability reports.
Changes:
- Add a new “Reporting Security Vulnerabilities” section to MCP security pages (en, pt-BR, ko, ar) and renumber “Further Reading”.
- Add new localized top-level Security Policy pages (en, pt-BR, ko, ar) with Bugcrowd reporting instructions.
- Update
docs/docs.jsonnavigation to include the new Security Policy pages across locales.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/en/mcp/security.mdx | Adds vulnerability reporting section + renumbers Further Reading |
| docs/pt-BR/mcp/security.mdx | Same change localized (pt-BR) |
| docs/ko/mcp/security.mdx | Same change localized (ko) |
| docs/ar/mcp/security.mdx | Same change localized (ar) |
| docs/en/security.mdx | New top-level Security Policy page (en) |
| docs/pt-BR/security.mdx | New top-level Security Policy page (pt-BR) |
| docs/ko/security.mdx | New top-level Security Policy page (ko) |
| docs/ar/security.mdx | New top-level Security Policy page (ar) |
| docs/docs.json | Adds nav entries for the new Security Policy pages in each locale |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| ## موارد الأمان | ||
|
|
||
| - **[اعتبارات أمان MCP](/mcp/security)** — أفضل الممارسات لدمج خوادم MCP بأمان مع وكلاء CrewAI، بما في ذلك أمان النقل ومخاطر حقن الأوامر ونصائح تنفيذ الخادم. |
There was a problem hiding this comment.
This MCP link uses /mcp/security, which likely routes to the default locale instead of Arabic. Other Arabic docs use locale-prefixed MCP routes (e.g., /ar/mcp/security), so this should be updated to a locale-aware (or relative) link to keep users in Arabic.
| - **[اعتبارات أمان MCP](/mcp/security)** — أفضل الممارسات لدمج خوادم MCP بأمان مع وكلاء CrewAI، بما في ذلك أمان النقل ومخاطر حقن الأوامر ونصائح تنفيذ الخادم. | |
| - **[اعتبارات أمان MCP](/ar/mcp/security)** — أفضل الممارسات لدمج خوادم MCP بأمان مع وكلاء CrewAI، بما في ذلك أمان النقل ومخاطر حقن الأوامر ونصائح تنفيذ الخادم. |
| --- | ||
| title: Security Policy | ||
| description: Learn how to report security vulnerabilities and about CrewAI's security practices. | ||
| icon: shield | ||
| mode: "wide" | ||
| --- |
There was a problem hiding this comment.
PR description says the change is limited to adding a vulnerability reporting section to the MCP security pages, but this PR also introduces new top-level Security Policy pages (like this one) and updates docs navigation (docs.json). Please update the PR description to reflect the full scope, or split into separate PRs if these are intended to be independent changes.
|
|
||
| ## Security Resources | ||
|
|
||
| - **[MCP Security Considerations](/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice. |
There was a problem hiding this comment.
The MCP link here uses an unscoped path (/mcp/security), which will likely send users to the default/English page instead of the current locale. Other pages in this docs set use locale-prefixed MCP routes (e.g., /en/mcp/security), so this should be updated to a locale-aware link (or a relative link) to keep users in-language.
| - **[MCP Security Considerations](/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice. | |
| - **[MCP Security Considerations](/en/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice. |
|
|
||
| ## Recursos de Segurança | ||
|
|
||
| - **[Considerações de Segurança MCP](/mcp/security)** — Melhores práticas para integrar servidores MCP com segurança aos seus agentes CrewAI, incluindo segurança de transporte, riscos de injeção de prompt e conselhos de implementação de servidor. |
There was a problem hiding this comment.
The MCP link uses /mcp/security, which likely routes to the default locale instead of Portuguese. Elsewhere the Portuguese docs use locale-prefixed MCP routes (e.g., /pt-BR/mcp/security), so this link should be made locale-aware (or relative) to avoid language switching.
| - **[Considerações de Segurança MCP](/mcp/security)** — Melhores práticas para integrar servidores MCP com segurança aos seus agentes CrewAI, incluindo segurança de transporte, riscos de injeção de prompt e conselhos de implementação de servidor. | |
| - **[Considerações de Segurança MCP](/pt-BR/mcp/security)** — Melhores práticas para integrar servidores MCP com segurança aos seus agentes CrewAI, incluindo segurança de transporte, riscos de injeção de prompt e conselhos de implementação de servidor. |
|
|
||
| ## 보안 리소스 | ||
|
|
||
| - **[MCP 보안 고려사항](/mcp/security)** — MCP 서버를 CrewAI 에이전트와 안전하게 통합하기 위한 모범 사례로, 전송 보안, 프롬프트 인젝션 위험 및 서버 구현 권장 사항을 포함합니다. |
There was a problem hiding this comment.
This link points to /mcp/security, which likely resolves to the default locale rather than Korean. Other Korean docs use locale-prefixed routes (e.g., /ko/mcp/security), so this should be updated to a locale-aware (or relative) link to avoid sending users to English.
| - **[MCP 보안 고려사항](/mcp/security)** — MCP 서버를 CrewAI 에이전트와 안전하게 통합하기 위한 모범 사례로, 전송 보안, 프롬프트 인젝션 위험 및 서버 구현 권장 사항을 포함합니다. | |
| - **[MCP 보안 고려사항](/ko/mcp/security)** — MCP 서버를 CrewAI 에이전트와 안전하게 통합하기 위한 모범 사례로, 전송 보안, 프롬프트 인젝션 위험 및 서버 구현 권장 사항을 포함합니다. |
Summary
Adds a Reporting Security Vulnerabilities section to the MCP security documentation across all four languages (en, pt-BR, ko, ar).
This directs users to report vulnerabilities via the Bugcrowd VDP at
crewai-vdp-ess@submit.bugcrowd.com, consistent with the updated security policy from #5096.Changes
docs/en/mcp/security.mdx— Added section 5 (Reporting Security Vulnerabilities), renumbered Further Reading to section 6docs/pt-BR/mcp/security.mdx— Same in Portuguesedocs/ko/mcp/security.mdx— Same in Koreandocs/ar/mcp/security.mdx— Same in ArabicEach section includes:
Notes
The changelog (
docs/en/changelog.mdx) already references the security policy update under v1.12.2, so no changelog changes needed.