Skip to content

arikusi/deepseek-mcp-server

v1.7.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai claude-code deepseek gemini-cli llm mcp
+2 more
mcp-server typescript

Summary

AI summary

HTTP transport sessions are isolated; SessionStore no longer a singleton, fixing cross-session data exposure.

Full changelog

Security

Cross-session data exposure in HTTP transport (high severity). The SessionStore was a process-wide singleton shared across all connected HTTP clients. In HTTP transport mode, any client that provided another client's session_id to deepseek_chat would read that client's conversation history. The deepseek_sessions tool compounded this by letting any client enumerate all active session IDs (list), delete any session (delete), or wipe every tenant's sessions at once (clear).

STDIO transport was unaffected — each STDIO client runs its own server process, so there was no shared state to leak.

Full advisory and CVE coordination pending.

Changed

  • BREAKING (HTTP transport only). Each HTTP session now gets an isolated SessionStore instance. Conversation history, session listings, and session deletion are scoped to the HTTP session that created them. Clients on the same server no longer share session state.
  • SessionStore is no longer a singleton. SessionStore.getInstance() and SessionStore.resetInstance() have been removed. Construct instances with new SessionStore() and pass them explicitly to registerChatTool, registerSessionsTool, and registerAllTools.
  • UsageTracker.getStats().activeSessions is wired to the STDIO store via UsageTracker.setSessionSource(). In HTTP transport it reports 0 by design — a process-wide count across isolated stores would be both meaningless and a minor cross-tenant information leak.

Added

  • SessionStore isolation tests: independent instances, no shared state, no cross-store effects on clear/delete/list.
  • HTTP transport integration test (src/transport-isolation.test.ts) proving each serverFactory invocation produces a fresh store and that user-supplied session_id collisions across HTTP sessions do not merge data.

Upgrade

npm install @arikusi/[email protected]

Users on STDIO transport: no action needed beyond the upgrade.

Users on HTTP transport: upgrade immediately. Session data is now correctly scoped per HTTP session — if your client relied on cross-client session sharing, that behaviour was the vulnerability and must be reworked.

Breaking Changes

  • Each HTTP session now receives its own `SessionStore` instance; conversation history, listings, and deletions are scoped per-session.
  • `SessionStore.getInstance()` and `SessionStore.resetInstance()` removed; construct instances with `new SessionStore()` and pass explicitly to tool registration functions.

Security Fixes

  • CVE pending: Cross-session data exposure in HTTP transport fixed by isolating each HTTP session's `SessionStore` to prevent unauthorized access to other clients' conversation history and session enumeration/deletion capabilities.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track arikusi/deepseek-mcp-server

Get notified when new releases ship.

Sign up free

About arikusi/deepseek-mcp-server

MCP server for DeepSeek AI with chat, reasoning, multi-turn sessions, function calling, thinking mode, and cost tracking.

All releases →

Related context

Beta — feedback welcome: [email protected]