We actively monitor and patch security vulnerabilities. Since arcgis-mcp-bridge directly interacts with local ArcGIS Pro Python environments (arcpy) and processes live LLM contexts through the Model Context Protocol (MCP), we strongly recommend always running the latest release from PyPI.
| Version | Supported |
|---|---|
| v0.6.x | ✅ |
| < v0.6.0 | ❌ |
The current supported release line is v0.6.x; users should prefer the newest available patch release, currently v0.6.1.
Because this project bridges local GIS workflows, licensed ArcGIS Pro runtimes, and LLM-driven tool calls, users are responsible for keeping their local execution boundary narrow and intentional:
- API Secret Masking: Never hardcode
ANTHROPIC_API_KEY, MCP host credentials, service tokens, database credentials, or other secrets inside ArcGIS Pro scripts, workspace directories, notebooks, geodatabases, or example datasets. Use environment variables or your platform’s secret-management mechanism. - Spatial Data Privacy: Be cautious when exposing tools that allow an LLM host to query local File Geodatabases (
.gdb), Enterprise SDE connections, infrastructure datasets, cadastral data, personal data, or proprietary project work. - Path Boundary Configuration: Keep
ARCGIS_MCP_ALLOWED_ROOTSas narrow as practical. Do not point it at broad directories such as the user home directory, system drives, synced cloud roots, or unrelated project archives. - Destructive Operations: Treat tools requiring
confirm=trueas mutating operations. Review target paths and inputs carefully before allowing append, delete, repair, field calculation, projection definition, or other state-changing geoprocessing calls. - LLM Context Hygiene: Do not paste untrusted instructions, unknown project files, or sensitive workspace listings into an MCP host session unless you are comfortable with the model using that context to select and parameterize GIS tools.
Please do not report security vulnerabilities through public GitHub Issues. Instead, use GitHub's Private Vulnerability Reporting feature to submit a secure advisory directly to the maintainer.
- The maintainer will acknowledge the report within 48 hours and coordinate a private workspace on GitHub to assess the vulnerability.
- A fix will be developed and validated against supported
arcpyenvironment structures where applicable. - A patched release will be published to PyPI, and a GitHub Security Advisory will be published to document the issue and credit the reporter when appropriate.