
achiya-automation/safari-mcp

v2.10.5 Security

This release includes 3 security fixes: a fast-uri upgrade for CVE-2026-6321, a hono upgrade that rolls up multiple GHSA advisories, and an ip-address upgrade for an XSS. Only the fast-uri fix carries a CVE identifier; the hono and ip-address fixes are advisory-only.

Topics

ai-agents ai-tools apple-silicon applescript automation browser-automation claude claude-code cursor devtools llm-tools macos mcp mcp-server model-context-protocol safari safari-mcp web-automation webkit windsurf

Affected surfaces

auth rbac rce_ssrf deps

ReleasePort's take

Light signal
editorial:auto 13d

v2.10.5 patches CVE-2026-6321 (path-traversal/host-confusion), Hono's injection/bypass vulnerabilities, and IP-Address XSS. npm audit gate now fails builds on high or critical advisories.

Why it matters: CVE-2026-6321 and the hono injection/bypass flaws sit on the HTTP surface and warrant a prompt upgrade. The npm audit gate is a change to the project's own CI (it now fails on high or critical advisories in production dependencies), so it affects contributors' builds, not installed deployments; there are no user-facing behavior changes in this release.

Summary

AI summary

Security fixes addressing CVE‑2026‑6321, multiple Hono vulnerabilities, and ip-address XSS.

Changes in this release

Security Medium

ip-address upgrade (10.1.0 → 10.2.0) fixes XSS in Address6 HTML-emitting methods.

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

fast-uri upgrade fixes host-confusion and path-traversal vulnerabilities (CVE-2026-6321).

Source: llm_adapter@2026-05-21

Confidence: low

Security Medium

Hono update patches multiple advisories: CSS injection, JWT validation, cache middleware issues, HTML injection, cookie bypasses, IP matching, static serving bypasses, SSG path traversal, and body limit bypass.

Source: llm_adapter@2026-05-21

Confidence: low

Breaking Medium

npm audit gate in the project's CI now fails the build on high or critical advisories in production dependencies; previously it only logged. This affects contributor builds, not installed behavior.

Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

Security

  • fast-uri 3.1.0 → 3.1.2 (CVE-2026-6321 / GHSA-q3j6-qgpj-74h6) — host-confusion via percent-encoded authority delimiters and path-traversal via percent-encoded dot segments. fast-uri is transitively pulled through hono's URL parsing on the extension's lightweight HTTP surface.
  • hono 4.12.14 → 4.12.18 — rolls up multiple advisories: CSS declaration injection via JSX SSR style object values, JWT NumericDate claim validation in verify(), cache middleware ignoring Vary: Authorization / Vary: Cookie, JSX tag/attribute name HTML injection, non-breaking-space cookie-name bypass, setCookie cookie-name validation, IPv4-mapped IPv6 matching in ipRestriction(), repeated-slash bypass in serveStatic, path traversal in toSSG(), and bodyLimit() bypass for chunked / unknown-length requests.
  • ip-address 10.1.0 → 10.2.0 — XSS in Address6 HTML-emitting methods.

CI

  • npm audit gate now fails the build on high or critical advisories in production dependencies. Previously the gate logged but did not fail. Catches future Dependabot misses earlier.

No user-facing behavior changes. Recommended reinstall for transitive-dependency hardening.

This release also supersedes v2.10.4 on npm (v2.10.4 was tagged but the publish workflow did not reach npm). v2.10.5 includes all v2.10.4 fixes — see v2.10.4 release notes for the ProseMirror multi-paragraph + synthetic-paste pre-clear behavior.

Install: npm install -g [email protected]



About achiya-automation/safari-mcp

Native Safari browser automation for AI agents with 80+ tools. No Chrome dependency, optimized for Apple Silicon with 60% less CPU overhead.
