github doobidoo/mcp-memory-service v10.17.9
v10.17.9 - 17 Remaining CodeQL Security Alerts Resolved
on GitHub

latest releases: v10.36.4, v10.36.3, v10.36.2...
one month ago

Security

  • fix: resolve 17 remaining CodeQL security alerts:
    • 5x py/clear-text-logging-sensitive-data: Changed logger.info to logger.debug for OAuth configuration values in config.py and web/oauth/storage/__init__.py
    • 4x py/log-injection: Converted f-string logger calls to %-style format with inline sanitization in web/api/search.py, web/api/documents.py, web/oauth/authorization.py
    • 3x py/stack-trace-exposure: Removed exception variable from logger.error in web/api/consolidation.py; documents.py endpoints use generic error messages
    • 1x py/tarslip: Replaced tar.extractall() with member-by-member extraction after path traversal validation in embeddings/onnx_embeddings.py
    • 1x py/polynomial-redos: Added {0,50} bound to date_range regex capture groups in utils/time_parser.py
    • 3x py/url-redirection: Added _sanitize_state() helper to strip non-safe characters from OAuth state parameter before inclusion in redirect URLs in web/oauth/authorization.py

Full Changelog: v10.17.8...v10.17.9

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.17.9

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications