Security patch: bump black dev dependency to >=26.3.1 (GHSA-3936-cmfr-pm3m, CVE-2026-32274, High)
Security Fix
black path traversal via --python-cell-magics (GHSA-3936-cmfr-pm3m, CVE-2026-32274, High)
The black code formatter contained a path traversal vulnerability via the --python-cell-magics option that could allow an attacker to write files outside the intended directory when black was invoked on maliciously crafted input.
Impact: Development and CI environments only. black is a dev-only dependency used for code formatting — it is not a runtime dependency and is never present in user installations (pip install mcp-memory-service is unaffected).
Fix: pyproject.toml updated from black >=24.0.0 to black >=26.3.1. uv.lock updated from black 26.1.0 to 26.3.1.
Changed Files
pyproject.toml — black constraint updated: >=24.0.0 -> >=26.3.1
uv.lock — black pinned from 26.1.0 to 26.3.1
Full Changelog
https://github.com/doobidoo/mcp-memory-service/blob/main/CHANGELOG.md#10265---2026-03-13