github doobidoo/mcp-memory-service v10.21.1
v10.21.1 — Resolve 5 CodeQL Code Scanning Alerts

one month ago

Security

This patch release resolves 5 CodeQL code scanning alerts that were introduced in recent development work.

CodeQL Alerts Resolved

py/unused-import — alerts #359, #360, #361

  • Removed unused os import from src/mcp_memory_service/mcp_server.py
  • Removed unused platform import from src/mcp_memory_service/web/api/health.py
  • Removed unused Path import from src/mcp_memory_service/utils/http_server_manager.py

py/empty-except — alert #358

  • Fixed bare pass in an except block in src/mcp_memory_service/web/api/consolidation.py
  • Replaced with an explanatory comment (# ignore unexpected non-list responses from LLM — continue processing) that documents the intentional decision and satisfies CodeQL

py/stack-trace-exposure — alert #357

  • In src/mcp_memory_service/web/api/consolidation.py, non-string reason values from consolidation recommendations are now wrapped with repr() before being embedded in HTTP responses
  • Previously, a raw exception object passed as reason would have serialised a full Python traceback into the API response body, leaking internal implementation details to API callers
  • repr() produces a safe, bounded representation without stack frames
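The two consolidation.py patterns described above, as an added sketch that is not the project's code. The names safe_reason, build_response and MAX_REASON_LEN, the length cap, and the shape of the recommendation dicts are assumptions made for this example.

```python
import json
import logging

log = logging.getLogger("consolidation_example")
MAX_REASON_LEN = 200  # assumption: cap chosen for this example, not taken from the project


def safe_reason(reason):
    """Return a response-safe string for a recommendation's reason value."""
    if isinstance(reason, str):
        return reason
    if isinstance(reason, BaseException):
        # The traceback goes to the server-side log only, never to the caller.
        log.warning("non-string reason in recommendation", exc_info=reason)
    # repr() of an exception is "Type('message')": no stack frames attached.
    return repr(reason)[:MAX_REASON_LEN]


def build_response(recommendations):
    """Build a JSON body from recommendation dicts (hypothetical shape)."""
    items = []
    try:
        for rec in recommendations:
            items.append({"id": rec["id"], "reason": safe_reason(rec.get("reason"))})
    except (TypeError, KeyError, AttributeError):
        # Ignore unexpected non-list responses from the LLM and continue with
        # what was parsed so far; the comment and log replace a bare `pass`.
        log.debug("unexpected payload type: %s", type(recommendations).__name__)
    return json.dumps({"recommendations": items})


def constructed_exception():
    """Constructed sample input: an exception object carrying a real traceback."""
    try:
        raise ValueError("consolidation failed")
    except ValueError as exc:
        return exc


if __name__ == "__main__":
    sample = [{"id": 1, "reason": "duplicate"},
              {"id": 2, "reason": constructed_exception()}]
    print(build_response(sample))
    print(build_response("not a list"))
```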

Upgrade

No configuration changes required. Drop-in replacement for v10.21.0.

pip install --upgrade mcp-memory-service
# or
uvx mcp-memory-service@10.21.1

Changelog

Full details: CHANGELOG.md — v10.21.1
