github doobidoo/mcp-memory-service v10.59.1
v10.59.1 — OAuth state parameter RFC 6749 compliance fix
on GitHub

latest release: v10.59.2
9 hours ago

What's New

Bug Fixes

  • fix(oauth): reflect OAuth state parameter verbatim per RFC 6749 §4.1.2 (#944, @tkislan)

    _sanitize_state() stripped non-[A-Za-z0-9-_.] characters and truncated to 128 chars before reflecting state back to the client. RFC 6749 §4.1.2 requires returning state exactly as received. This broke Cursor OAuth (base64url padding =, JWTs, values >128 chars all got mangled). Fix removes _sanitize_state() entirely and reflects state verbatim. 5 parametrized regression tests added in tests/unit/test_oauth_native_clients.py.

Installation

pip install mcp-memory-service==10.59.1
# or
uvx mcp-memory-service==10.59.1

Full Changelog

See CHANGELOG.md for the complete release history.

Check out latest releases or
releases around doobidoo/mcp-memory-service v10.59.1

Don't miss a new mcp-memory-service release

NewReleases is sending notifications on new releases.

Get notifications