ProxmoxMCP-Plus v0.5.3

Release date: 2026-05-27

Fixes

manifest.json now declares all 42 tools registered at runtime, including job, VM config, container config, container IP, container command, and SSH key tools.
VM and LXC command execution logs no longer record command text, command output, or command error content by default.
OpenSSH-based LXC command execution and API SSH tunnel debug logs no longer expose full command lines or local key/known-hosts paths.
Error logging now strips CR/LF characters, truncates log values, and uses parameterized logging in hardened paths to reduce log-injection risk.
OpenAPI job route errors now log sanitized exception summaries without raw traceback text.
The OpenAPI rate limiter now periodically removes expired empty client buckets to avoid unbounded growth from many source IPs.
MCP HTTP transport security can now be configured with DNS rebinding protection, allowed hosts, and allowed origins through config or environment variables.

Added manifest-to-runtime registry parity coverage so missing or stale tool declarations fail tests.
Added destructive-operation regression tests for VM, container, backup, ISO, snapshot, and LXC restore paths.
Added log-redaction coverage for VM command execution, Paramiko LXC execution, OpenSSH LXC execution, API SSH tunnel logging, base tool errors, and OpenAPI job errors.

No mandatory config migration is required for existing stdio deployments.
HTTP transports that need explicit Host or Origin allowlists can set mcp.dns_rebinding_protection, mcp.allowed_hosts, and mcp.allowed_origins, or the matching MCP_DNS_REBINDING_PROTECTION, MCP_ALLOWED_HOSTS, and MCP_ALLOWED_ORIGINS environment variables.
Deployments that configure transport security require an MCP SDK version that provides TransportSecuritySettings.