doobidoo/mcp-memory-service v10.36.7
v10.36.7 — Security: bump pygments to 2.20.0 (CVE-2026-4539)

on GitHub

latest release: v10.36.8

11 hours ago

Security

[#698] Bumped pygments to 2.20.0: Resolves CVE-2026-4539 (GHSA-5239-wwwm-4pmq, ReDoS via inefficient regex for GUID matching). Transitive dependency via rich. (PR #698)

Details

CVE-2026-4539 / GHSA-5239-wwwm-4pmq

Severity: Medium
Vulnerability: ReDoS (Regular Expression Denial of Service) via inefficient regex in GUID matching
Dependency chain: pygments (transitive via rich)
Fix: Pinned pygments >= 2.20.0

What's Unchanged

1,537 tests passing
No API or behavior changes

Upgrade

pip install --upgrade mcp-memory-service

See CHANGELOG.md for full version history.

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.36.7

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications