doobidoo/mcp-memory-service v10.28.4 on GitHub

Security Fixes

This patch release addresses two CVEs via dependency upgrades and one CodeQL finding via import cleanup.

CVE-2026-34073 — cryptography bumped from 46.0.5 to 46.0.6: Fixes incomplete DNS name constraint enforcement for wildcard DNS SANs. Credit to Oleh Konko (1seal) for the report. Dependabot alert #68 (low severity). (#622)
CVE-2026-34043 — serialize-javascript bumped to >=7.0.5: Fixes CPU exhaustion DoS via crafted array-like objects. Affects tests/integration/ and tests/web/ npm packages. Dependabot alerts #66, #67 (medium severity). (#623)

CodeQL #379 — Removed unused Optional import in harvester.py (note severity). No functional impact. (#623)

Alphabetical sorting of dependencies in pyproject.toml for improved readability and reduced merge conflicts. (#623)

pip install --upgrade mcp-memory-service
# or
uv add mcp-memory-service>=10.28.4

No configuration changes required. This is a dependency-only patch.

See CHANGELOG.md for complete version history.