github doobidoo/mcp-memory-service v10.21.0
on GitHub

latest releases: v10.40.1, v10.40.0, v10.39.1...
one month ago

Security

  • fix(security): Harden health endpoints against information disclosure (GHSA-73hc-m4hx-79pj)
    • GET /health returns only {"status": "healthy"} — no version, uptime, or timestamps
    • GET /health/detailed now requires write (admin) access
    • Removed database_path from responses (leaked filesystem paths and usernames)
    • Removed OS version, Python version, CPU count, memory/disk sizes from system_info
    • Upgraded /memory-stats and /clear-caches to require write access
    • Added 7 regression tests

Changed

  • BREAKING: Default HTTP binding changed from 0.0.0.0 to 127.0.0.1
    • Set MCP_HTTP_HOST=0.0.0.0 to restore network-wide access
    • Also fixed in mcp_server.py — now uses HTTP_HOST/HTTP_PORT from config consistently

Full Changelog: v10.20.6...v10.21.0

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.21.0

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications