github doobidoo/mcp-memory-service v10.10.2
v10.10.2 - Memory Injection Filtering Fixes
on GitHub

latest releases: v10.31.2, v10.31.1, v10.31.0...
one month ago

Fixed

Memory Injection Filtering (#449): Fixed two critical bugs preventing proper memory filtering for empty/new projects

  1. minRelevanceScore Enforcement: Applied configured relevance threshold (default 0.3) in memory scoring filter. Previously the threshold was loaded from config but never enforced, allowing low-relevance cross-project memories (scored ~12% after 85% penalty) to pass through.

  2. Project-Affinity Filter: Added Phase 2 tag-based search filter to prevent cross-project memory pollution. Tag searches now require project tag presence or project name mention in content. Generic tags (architecture, key-decisions, claude-code-reference) previously returned memories from ALL projects due to OR logic in /api/search/by-tag endpoint.

Security

  • Command Injection Prevention: Replaced execSync with execFileSync in memory service queries to prevent command injection via project names
  • Log Sanitization: Added sanitizeForLog() function to strip ANSI/control characters from logged project names
  • Null Guards: Added defensive null/empty checks for projectTag in affinity filter

Related

  • PR #449 - Fix memory injection filtering for empty/new projects

Installation: 

pip install --upgrade mcp-memory-service

Changelog: CHANGELOG.md

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.10.2

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications