
Acacian/aegis

v0.9.5 Security

This release includes 9 security fixes for security teams reviewing exposed deployments.

Published 1 month ago. Category: MCP Security & Auth
✓ No known CVEs patched
This release patches 9 known CVEs

Topics

agent-security ai-agent-security ai-agents ai-governance ai-safety ai-security audit-trail compliance guardrails langchain llm-security mcp mcp-security model-context-protocol pii-detection policy-as-code policy-engine policy-testing prompt-injection selection-governance

Affected surfaces

auth rbac

Summary

AI summary

Full defense against the MCP STDIO vulnerability is now enabled by default in aegis-mcp-proxy.

Full changelog

What's New

MCP STDIO Injection Protection (NEW)

  • Full defense against the OX Security MCP STDIO vulnerability (2026-04-15)
  • 3-layer protection: content scanning, frame validation, unified guard
  • Detects JSON-RPC injection, unicode escape bypass, double-encoded payloads, frame concatenation
  • Integrated into aegis-mcp-proxy (enabled by default)
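The three checks named above (frame validation, concatenation detection, escape and double-encoding detection) can be illustrated with a small validator for newline-delimited STDIO frames. The code below is an added example written for this page, not aegis code: the `validate_frame` name, the `MAX_FRAME_BYTES` cap and the sample lines are all constructed assumptions, and the project's actual scanner is not on the page.

```python
import json
from typing import Any, Iterator, Tuple

# Added example, not aegis code. The cap is a hypothetical value; the release notes
# give 1MB as the limit the proxy applies to tool arguments.
MAX_FRAME_BYTES = 1_000_000

_decoder = json.JSONDecoder()


def _looks_like_jsonrpc(obj: Any) -> bool:
    """True for a dict carrying the JSON-RPC 2.0 marker plus a request/response member."""
    return (
        isinstance(obj, dict)
        and obj.get("jsonrpc") == "2.0"
        and any(key in obj for key in ("method", "result", "error"))
    )


def _iter_strings(obj: Any) -> Iterator[str]:
    """Yield every string leaf of a decoded JSON value, depth first."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for value in obj.values():
            yield from _iter_strings(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from _iter_strings(item)


def _hides_frame(text: str, max_depth: int = 2) -> bool:
    """True if decoding the string up to max_depth times yields a JSON-RPC frame.

    The outer json.loads already resolved \\uXXXX escapes, so an escape-disguised
    object arrives here as plain text; a double-encoded one needs the second round.
    """
    current: Any = text
    for _ in range(max_depth):
        if not isinstance(current, str):
            return False
        try:
            current = json.loads(current)
        except ValueError:
            return False
        if _looks_like_jsonrpc(current):
            return True
    return False


def validate_frame(line: str) -> Tuple[bool, str]:
    """Validate one newline-delimited STDIO line; returns (accepted, reason)."""
    raw = line.strip()
    if len(raw.encode("utf-8")) > MAX_FRAME_BYTES:
        return False, "oversized frame"
    try:
        frame, end = _decoder.raw_decode(raw)
    except ValueError:
        return False, "malformed JSON"
    if raw[end:].strip():
        # raw_decode stopped before the end of the line: a second object follows.
        return False, "concatenated frames"
    if not _looks_like_jsonrpc(frame):
        return False, "not a JSON-RPC 2.0 frame"
    if any(_hides_frame(text) for text in _iter_strings(frame)):
        return False, "JSON-RPC frame embedded in a string field"
    return True, "ok"


# Constructed sample lines (not captured traffic), one per check.
_INNER = {"jsonrpc": "2.0", "id": 9, "method": "tools/call"}
SAMPLE_LINES = {
    "clean": json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                         "params": {"name": "echo", "arguments": {"text": "hello"}}}),
    "concatenated": json.dumps({"jsonrpc": "2.0", "id": 1, "method": "ping"})
                    + json.dumps({"jsonrpc": "2.0", "id": 2, "method": "ping"}),
    "double_encoded": json.dumps({"jsonrpc": "2.0", "id": 1,
                                  "result": {"content": json.dumps(json.dumps(_INNER))}}),
    "escape_disguised": '{"jsonrpc":"2.0","id":1,"result":"\\u007b\\"jsonrpc\\":\\"2.0\\",\\"method\\":\\"x\\"\\u007d"}',
    "truncated": '{"jsonrpc": "2.0", "id": 1',
}


def classify_all() -> dict:
    """Run every sample through the validator and return name -> (accepted, reason)."""
    return {name: validate_frame(line) for name, line in SAMPLE_LINES.items()}


if __name__ == "__main__":
    for name, (accepted, reason) in classify_all().items():
        print(f"{name:17} accepted={accepted!s:5} {reason}")
```

Checking the decoded string leaves rather than the raw bytes is the point: `json.loads` has already resolved any `\uXXXX` escapes in the outer frame, so an object disguised that way is caught by the same nested decode that catches a double-encoded one, and `raw_decode` reporting where the first object ended is what exposes a second object appended on the same line.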

Comprehensive Security Audit Fixes (15+ issues)

HIGH:

  • ArgumentSanitizer: NFKC normalize before pattern matching (unicode bypass)
  • mcp_proxy: reject oversized tool arguments (1MB DoS limit)
  • patch_openai: warn when stream=True (output guardrails ineffective)
  • AuditLogger: add threading.Lock for SQLite thread safety
  • CryptoAuditChain: hmac.compare_digest for timing-safe hash comparison
  • server/app: mandatory API key auth + AEGIS_ADMIN_KEY for policy updates
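The first two HIGH items, normalize before matching and cap the argument size, fit naturally in one function. The following is an added example and not the project's `ArgumentSanitizer`: the denylist patterns, the sample inputs and the `is_rejected` helper are constructed for this page, while the 1MB figure is the one given in the notes above.

```python
import re
import unicodedata

# Added example, not aegis code. The 1MB cap is the figure in the release notes; the
# denylist patterns are constructed for illustration and are not the project's rules.
MAX_ARGUMENT_BYTES = 1_000_000
BLOCKED_PATTERNS = [
    re.compile(r"\bdrop\s+table\b", re.IGNORECASE),
    re.compile(r"\bshutdown\s+-h\b", re.IGNORECASE),
]


class ArgumentRejected(ValueError):
    """Raised when a tool argument fails the size or content check."""


def matches_naively(value: str) -> bool:
    """Pre-fix behaviour: match the raw string with no normalization."""
    return any(p.search(value) for p in BLOCKED_PATTERNS)


def sanitize_argument(value: str) -> str:
    """Size check first, then NFKC, then pattern matching on the normalized text.

    Returning the normalized form matters: the string the tool receives is the same
    one the policy evaluated, so nothing downstream re-interprets it differently.
    """
    # Check raw bytes before normalizing; NFKC can expand a string.
    if len(value.encode("utf-8")) > MAX_ARGUMENT_BYTES:
        raise ArgumentRejected("argument exceeds 1MB")
    normalized = unicodedata.normalize("NFKC", value)
    for pattern in BLOCKED_PATTERNS:
        if pattern.search(normalized):
            raise ArgumentRejected(f"blocked pattern: {pattern.pattern}")
    return normalized


def is_rejected(value: str) -> bool:
    """Convenience wrapper so callers can test the outcome without try/except."""
    try:
        sanitize_argument(value)
    except ArgumentRejected:
        return True
    return False


# Constructed inputs: the second spells the keyword with fullwidth Latin letters,
# which a raw-string matcher misses but NFKC folds to ASCII.
SAMPLES = {
    "plain": "select count(*) from users",
    "fullwidth": "ＤＲＯＰ ＴＡＢＬＥ users",
    "oversized": "x" * (MAX_ARGUMENT_BYTES + 1),
}


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:10} naive_match={matches_naively(value)!s:5} rejected={is_rejected(value)}")
```

Two ordering details carry the security value: the byte-length check runs on the raw input, because NFKC can grow a string past the limit after a cheaper check has passed, and the pattern match runs on the normalized text only, so the same fullwidth or compatibility forms can never reach the tool in one spelling and the policy engine in another.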

MEDIUM:

  • InjectionGuardrail: skip LRU cache for >50KB content (memory exhaustion)
  • PIIGuardrail: never store full credit card number in matched_text
  • PIIGuardrail: NFKC normalization (fullwidth digit evasion)
  • PIIGuardrail: detect dashless SSN and 주민등록번호 (Korean resident registration number) with keyword context
  • RugPullDetector: atomic write for pin store (TOCTOU prevention)
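The atomic pin-store write from the MEDIUM list and the timing-safe comparison from the HIGH list are worked below as one added example; it is not the project's `RugPullDetector` or `CryptoAuditChain`. The file layout, the SHA-256-over-canonical-JSON fingerprint, the `check_tool` and `demo` names and the sample tool definition are all assumptions made for this page.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Added example, not aegis code. File layout and fingerprint scheme are assumptions.


def tool_fingerprint(tool: dict) -> str:
    """SHA-256 over a canonical JSON encoding, so key order cannot change the pin."""
    canonical = json.dumps(tool, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def write_pins_atomically(path: Path, pins: Dict[str, str]) -> None:
    """Write to a temp file in the target directory, fsync, then rename over the old file.

    os.replace is an atomic same-volume rename on POSIX and Windows, so a concurrent
    reader sees either the complete old store or the complete new one, never a
    partially written file.
    """
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=".pins-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(pins, fh, sort_keys=True, indent=2)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp_name, path)
    except BaseException:
        # Leave no stray temp file behind if the write or the rename failed.
        try:
            os.unlink(tmp_name)
        except FileNotFoundError:
            pass
        raise


def load_pins(path: Path) -> Dict[str, str]:
    """Read the store; an absent file means nothing has been pinned yet."""
    if not path.exists():
        return {}
    return json.loads(path.read_text(encoding="utf-8"))


def check_tool(path: Path, tool: dict) -> str:
    """Return 'new' (and pin it), 'match', or 'changed' for a tool definition."""
    pins = load_pins(path)
    digest = tool_fingerprint(tool)
    pinned = pins.get(tool["name"])
    if pinned is None:
        pins[tool["name"]] = digest
        write_pins_atomically(path, pins)
        return "new"
    # Constant-time comparison of the stored and recomputed hex digests.
    return "match" if hmac.compare_digest(pinned, digest) else "changed"


def demo(workdir: Optional[str] = None) -> List[str]:
    """Pin a constructed tool, re-check it unchanged, then with an altered description."""
    root = Path(workdir or tempfile.mkdtemp(prefix="aegis-pins-"))
    store = root / "pins.json"
    original = {"name": "search_docs", "description": "Search the documentation index",
                "inputSchema": {"type": "object", "properties": {"q": {"type": "string"}}}}
    modified = dict(original, description="Search the documentation index (v2)")
    return [check_tool(store, original), check_tool(store, original), check_tool(store, modified)]


if __name__ == "__main__":
    print(demo())  # ['new', 'match', 'changed']
```

Creating the temp file in the same directory as the store is what keeps the final `os.replace` a single-filesystem rename, and therefore atomic; a temp file under `/tmp` would turn the rename into a copy and reopen the window the fix is meant to close. The `fsync` before the rename is the second half: without it the rename can become durable before the data does.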

Stats

  • 6,227 tests passing
  • 11 files changed, 224 insertions, 43 deletions

Upgrade

pip install --upgrade agent-aegis

Full Changelog: https://github.com/Acacian/aegis/compare/v0.9.4...v0.9.5

Security Fixes

  • ArgumentSanitizer now NFKC normalizes before pattern matching to prevent unicode bypass
  • mcp_proxy rejects oversized tool arguments (>1MB) preventing DoS
  • patch_openai adds warning when stream=True due to ineffective guardrails
  • AuditLogger uses threading.Lock for SQLite thread safety
  • CryptoAuditChain employs hmac.compare_digest for timing-safe hash comparison
  • server/app enforces mandatory API key auth and AEGIS_ADMIN_KEY for policy updates
  • InjectionGuardrail skips LRU cache for content >50KB to avoid memory exhaustion
  • PIIGuardrail no longer stores full credit card numbers in matched_text, adds NFKC normalization, and detects dashless SSN/주민등록번호 (Korean resident registration number) via keyword context
  • RugPullDetector performs atomic write for pin store preventing TOCTOU


About Acacian/aegis

Policy-based governance for AI agent tool calls. YAML policies, approval gates, risk assessment, and audit logging. Cross-platform: LangChain, OpenAI, Anthropic, MCP.
