github doobidoo/mcp-memory-service v10.40.0
v10.40.0 — Milvus backend, OAuth hardening, 1675 tests
on GitHub

2 hours ago

Special Thanks

Huge thanks to @zc277584121 for contributing the Milvus storage backend — the first major community-contributed storage backend in the project's history. This is ~1,750 lines of production-quality code with 39 tests, three deployment modes, and a 6-month maintenance SLA commitment. This is exactly the kind of deep, thoughtful contribution that expands the project's reach to new deployments.

What's New

Added

  • [#721] Milvus storage backend (Lite / self-hosted / Zilliz Cloud): New fourth storage backend implementing the full MemoryStorage interface against Milvus. Supports three deployment modes from the same code path — Milvus Lite (zero-dep local .db file, ideal for scripts and tests), self-hosted Milvus via Docker (recommended for MCP servers and single-tenant deployments), and Zilliz Cloud (managed service for team/production use). ~1,750 lines of new code, 39 Milvus-specific tests. Activate with MCP_MEMORY_STORAGE_BACKEND=milvus. See docs/milvus-backend.md for the full deployment guide. (PR #721, @zc277584121)
  • [#721] backend:milvus label + .github/CODEOWNERS + test-milvus-docker CI job: Issue tracker label for routing Milvus bug reports; @zc277584121 added to CODEOWNERS for src/mcp_memory_service/storage/milvus.py with a 6-month SLA commitment; dedicated Docker-based Milvus smoke-test job in Main CI/CD Pipeline. (PR #721)
  • [#740] Claude Code plugin manifest shape validation: CI smoke test now validates plugin.json against the full Claude Code plugin spec (author object, tools array, schema fields) using structured JSON shape checks — catches regressions that JSON.parse alone misses. (PR #740)

Security

  • [#745] OAuth hardening: Harden the authorization-code redirect response against CodeQL alerts py/reflective-xss (#385) and py/url-redirection (#382). _build_redirect_url now rejects javascript:, data:, vbscript:, file:, about:, and blob: schemes (RFC 8252 custom schemes like myapp://callback remain supported). The meta-refresh URL is HTML-attribute-escaped and the JS redirect string has </ escaped to <\/ so it cannot break out of the <script> element. (PR #745)

CI

  • [#741] Docs link-check: Ignore milvus.io and docs.zilliz.com — unblocks the link-checker on all Milvus documentation. (PR #741)
  • [#721] Milvus CI hardening: Docker image tag pinned for reproducibility, docker-compose standalone manifest added for older Docker versions, segment-sealing wait added to prevent intermittent failures. (PR #721)

Test Count

1,547 → 1,675 tests (+128, driven by the Milvus backend test suite)

Upgrade

pip install mcp-memory-service==10.40.0

Or via Claude Code plugin: 

/plugin install mcp-memory-service

PyPI: https://pypi.org/project/mcp-memory-service/10.40.0/ (published automatically via "Publish and Test (Tags)" workflow on tag push)

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.40.0

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications