This release includes 1 security fix for security teams reviewing exposed deployments.
Affected surfaces
Summary
AI summaryFix critical SQL injection vulnerability in recall queries.
Full changelog
What's New
Security Hardening
- Fix critical SQL injection vulnerability in recall queries
- Add IP-based rate limiting on key creation (5/hour/IP)
- Restrict CORS to configured origins
- Add 64KB request body size limit
- Add key revocation endpoint (
DELETE /keys/revoke) - Remove internal error details from API responses
- Add input length limits on all user-provided strings
MCP Registry
- Published to official MCP Registry (
io.github.AlekseiMarchenko/central-intelligence) - Listed on Glama.ai
- Submitted to mcp.so and awesome-mcp-servers
API Docs
- Interactive HTML docs at
/docs - Machine-readable JSON spec at
/docs/json
Install
npx central-intelligence-cli signup
npx central-intelligence-cli init claude
Or add manually to ~/.claude/settings.json:
{
"mcpServers": {
"central-intelligence": {
"command": "npx",
"args": ["-y", "central-intelligence-mcp"],
"env": { "CI_API_KEY": "your-key" }
}
}
}
Security Fixes
- Fix critical SQL injection vulnerability in recall queries
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About AlekseiMarchenko/central-intelligence
Persistent memory for AI agents. Five tools (remember, recall, context, forget, share) with semantic search via vector embeddings and agent/user/org scoping. Works with Claude Code, Cursor, Windsurf, and any MCP client.
Related context
Related tools
Beta — feedback welcome: [email protected]