github Dataojitori/nocturne_memory 2.4.1
2.4.1 Security: require API_TOKEN for HTTP/SSE transport
on GitHub

3 hours ago

⚠️ Breaking Change / 不兼容变更

HTTP/SSE transport now requires API_TOKEN to start.
Previously, leaving API_TOKEN empty silently disabled authentication,
exposing the memory API to anyone on the same network.

以前 API_TOKEN 留空会静默关闭认证,导致同局域网内任何人都能访问记忆 API。
现在 HTTP/SSE 模式启动时必须设置 API_TOKEN

Migration / 迁移步骤

  1. Generate a token / 生成令牌:
    python -c "import secrets; print(secrets.token_urlsafe(32))"
  2. Add to .env / 写入 .env
    API_TOKEN=
  3. Update MCP client config / 更新客户端配置: 
{
  "headers": {
    "Authorization": "Bearer <your-token>"
  }
}

stdio mode (local MCP) is not affected.
本地 stdio 模式不受影响。

Full Changelog: https://github.com/Dataojitori/nocturne_memory/compare/2.4.0...2.4.1
Check out latest releases or
releases around Dataojitori/nocturne_memory 2.4.1

Don't miss a new nocturne_memory release

NewReleases is sending notifications on new releases.

Get notifications