What's New in v10.17.8
This release resolves the final 27 CodeQL security and code quality alerts identified in PR #497.
Security
- fix: resolve final 27 CodeQL security alerts (clear-text logging, log injection, stack-trace-exposure, URL redirection, polynomial ReDoS, empty-except, unused imports)
- py/clear-text-logging-sensitive-data (7 alerts): Masked sensitive values in log output in config.py and web/oauth/storage/__init__.py
- py/log-injection (1 alert): Added log value sanitization in web/api/quality.py
- py/stack-trace-exposure (1 alert): Replaced raw exception details with generic error response in web/api/consolidation.py
- py/url-redirection (3 alerts): Validated and restricted redirect targets in web/oauth/authorization.py
- py/polynomial-redos (5 alerts): Replaced vulnerable regex patterns with safe alternatives in utils/time_parser.py
- py/empty-except (1 alert): Added explicit exception handling in config.py
- py/unused-import (2 alerts): Removed unused imports from embeddings/onnx_embeddings.py and memory_service.py
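The alert classes listed above map to a small set of defensive patterns: mask secrets before they reach a log line, escape control characters in attacker-influenced log values, hand clients a correlation id instead of an exception message, accept only local paths or allowlisted hosts as redirect targets, keep regex quantifiers bounded and non-overlapping, and handle expected exceptions explicitly. The block below is an added example written for this page; it is not code from mcp-memory-service or PR #497. The function names, the host allowlist, the "N units ago" time grammar and every sample input are constructed for illustration and are not taken from the project's files.

```python
import logging
import re
import uuid
from datetime import timedelta
from urllib.parse import urlsplit

logger = logging.getLogger("release_example")

# --- py/clear-text-logging-sensitive-data: never log a secret verbatim ---
def mask_secret(value):
    """Keep only the last four characters so a token can be correlated but not reused."""
    value = "" if value is None else str(value)
    if len(value) <= 8:
        return "[redacted]"
    return "***" + value[-4:]

# --- py/log-injection: neutralise control characters that could forge extra log lines ---
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def sanitize_for_log(value, max_len=200):
    """Escape CR/LF and other control characters and bound the length of untrusted text."""
    text = str(value)[:max_len]
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), text)

def log_token_stored(provider, access_token):
    """Log a storage event without the token itself; returns the rendered line for inspection."""
    line = "stored %s token %s" % (sanitize_for_log(provider), mask_secret(access_token))
    logger.info(line)
    return line

# --- py/stack-trace-exposure: generic client error, full detail only in server-side logs ---
def error_response(exc):
    """Return a (body, status) pair carrying a correlation id instead of the exception text."""
    ref = uuid.uuid4().hex[:12]
    logger.error("request failed ref=%s", ref, exc_info=exc)
    return {"error": "internal server error", "ref": ref}, 500

# --- py/url-redirection: only same-site absolute paths or an explicit https host allowlist ---
def safe_redirect_target(target, allowed_hosts, fallback="/"):
    """Return target if it is a local absolute path or an https URL on an allowed host, else fallback."""
    if not isinstance(target, str) or not target:
        return fallback
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Local path. Protocol-relative "//host" never reaches here (urlsplit puts the host in
        # netloc); backslashes are rejected because some browsers normalise them to "/".
        if target.startswith("/") and not target.startswith("//") and "\\" not in target:
            return target
        return fallback
    if parts.scheme == "https" and parts.hostname in allowed_hosts:
        return target
    return fallback

# --- py/polynomial-redos: bounded quantifiers, disjoint neighbours, fullmatch on stripped input ---
# Every quantified class is bounded and cannot overlap the class next to it (digits, whitespace,
# letters), so there is at most one way to match and long junk input cannot trigger polynomial
# backtracking. Leading/trailing whitespace is removed with str.strip() rather than a regex.
_RELATIVE_TIME = re.compile(r"(\d{1,6})\s{1,4}(second|minute|hour|day|week)s?\s{1,4}ago")

def parse_relative_time(text):
    """Parse constructed '3 hours ago' style input into a timedelta, or None for anything else."""
    m = _RELATIVE_TIME.fullmatch(str(text).strip())
    if m is None:
        return None
    amount, unit = int(m.group(1)), m.group(2)
    return timedelta(**{unit + "s": amount})

# --- py/empty-except: handle the expected error explicitly and leave a trace ---
def load_optional_int(env, name, default):
    """Read an integer setting from an environment-like mapping, falling back loudly on bad values."""
    raw = env.get(name)
    if raw is None:
        return default
    try:
        return int(raw)
    except ValueError:
        logger.warning("ignoring invalid %s=%s, using %d", name, sanitize_for_log(raw), default)
        return default

if __name__ == "__main__":
    # Constructed sample inputs, not data from the project.
    print(log_token_stored("github\nINFO forged line", "ghp_constructedexampletoken1234"))
    print(safe_redirect_target("//evil.example/cb", {"app.example"}))
    print(parse_relative_time("  2 days ago "))
    print(error_response(ValueError("password=hunter2"))[0])
```

The redirect check is deliberately strict: anything that is not a plain local path or an https URL whose hostname is in the allowlist falls back to "/", which also covers scheme tricks such as "javascript:" and userinfo tricks such as "https://good@evil". The ReDoS-safe pattern shows the general rule behind the fix rather than the project's specific regexes: bound each quantifier, make neighbouring classes disjoint, and strip whitespace outside the regex.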
Summary
This completes the comprehensive CodeQL security remediation campaign:
- v10.17.5: 38 Dependabot dependency security alerts resolved
- v10.17.6: 100 import-related CodeQL alerts resolved
- v10.17.7: 100 CodeQL security and code quality alerts resolved
- v10.17.8: Final 27 CodeQL security alerts resolved - CodeQL is now fully clean
Upgrading
pip install --upgrade mcp-memory-service
# or
uvx mcp-memory-service@latest

No configuration changes required. This is a security-only fix release with no breaking changes.
Full changelog: https://github.com/doobidoo/mcp-memory-service/blob/main/CHANGELOG.md