Security: denzuko/odoo-mcp-server

SECURITY.md

Security Policy

Supported Versions

Version | Supported
1.x     | ✅ Yes

Only the latest tagged release receives security fixes.

Threat Model

odoo-mcp-server is an MCP bridge between an LLM client and an Odoo instance. It holds Odoo API credentials and issues XML-RPC calls on behalf of the LLM.

Mitigations in place:

  • Credentials via environment only: ODOO_URL, ODOO_DB, ODOO_USER, ODOO_API_KEY are read from the process environment at startup — never from files, never from request input. config.h calls getenv() and aborts if any required var is absent.
  • No credential logging: the API key is passed directly to execute_kw and never written to stderr or any log path.
  • Input validation: all MCP tools/call arguments are validated before the Odoo RPC call. Empty values dicts and empty record_ids are rejected at the C layer before touching the network.
  • TLS only: net.c uses libtls and enforces HTTPS for all Odoo connections. Plaintext HTTP to Odoo is not supported.
  • OPA authorization gate (policy/authz.rego): admin_users and protected_models are enforced before any mutating tool call. res.users and ir.config_parameter require admin credentials.
  • Cloudflare WAF layer (WASM target): all inbound MCP traffic passes through your Cloudflare zone WAF rules before reaching the WASM module. Rate limiting and Bot Management apply at the edge.
  • No shell invocation: the nob.c build driver uses nob_cmd_run_sync only. There are no system(), popen(), or exec*() calls in any source file. This is enforced by policy/c_quality.rego (AST-level check).
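
A sketch of the fail-closed startup check described in the first two mitigations, as an added example that is not the project's config.h. The names check_config, cfg_status and is_https_url are hypothetical. Treating an empty value as absent and rejecting a non-HTTPS ODOO_URL at startup are this example's assumptions; the page places HTTPS enforcement in net.c.

```c
/* Added example, not the project's config.h. Names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

enum cfg_status { CFG_OK = 0, CFG_MISSING, CFG_NOT_HTTPS };

/* Case-insensitive check for an "https://" scheme followed by a host. */
static int is_https_url(const char *url)
{
    static const char scheme[] = "https://";
    size_t i, n = sizeof scheme - 1;

    for (i = 0; i < n; i++)
        if (url[i] == '\0' || tolower((unsigned char)url[i]) != scheme[i])
            return 0;
    return url[n] != '\0' && url[n] != '/';
}

/* Validate the four required settings.
 * Assumption: NULL or empty both count as absent. */
enum cfg_status check_config(const char *url, const char *db,
                             const char *user, const char *api_key)
{
    const char *required[] = { url, db, user, api_key };
    size_t i;

    for (i = 0; i < sizeof required / sizeof required[0]; i++)
        if (required[i] == NULL || required[i][0] == '\0')
            return CFG_MISSING;
    return is_https_url(url) ? CFG_OK : CFG_NOT_HTTPS;
}

int main(void)
{
    /* Values come from the process environment only. */
    enum cfg_status st = check_config(getenv("ODOO_URL"), getenv("ODOO_DB"),
                                      getenv("ODOO_USER"), getenv("ODOO_API_KEY"));
    if (st != CFG_OK) {
        /* Report the failure class, never the variable values. */
        fprintf(stderr, "config error: %s\n",
                st == CFG_MISSING ? "required ODOO_* variable absent"
                                  : "ODOO_URL is not https");
        abort();
    }
    fputs("config ok (API key loaded, not logged)\n", stderr);
    return 0;
}
```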

Reporting a Vulnerability

Do not open a public GitHub Issue for security vulnerabilities.

Report security issues by email:

denzuko@dapla.net

Please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce or a proof-of-concept (if safe to share)
  • Your assessment of severity

You will receive an acknowledgement within 72 hours and a resolution timeline within 7 days for confirmed issues.

Fixes will be released as a new patch tag and disclosed in CHANGELOG.md under a ### Security heading once the fix is available.

Out of Scope

The following are not considered security vulnerabilities:

  • Attacks requiring write access to the process environment (you already have equivalent privilege)
  • Attacks against the Odoo instance itself
  • Denial-of-service via malformed MCP JSON-RPC payloads (handled by the JSON parser in json.h)
  • Browser-side issues in the GH Pages documentation site

Security Artefacts

Each release includes:

  • sbom.cdx.json — CycloneDX 1.6 Software Bill of Materials
  • sbom.spdx.json — SPDX 2.3 Software Bill of Materials
  • SARIF reports from cppcheck and KICS — uploaded to the GitHub Security tab on every CI run

Both SBOMs are regenerated by cdxgen before each release tag.
