awslabs/mcp

v2026.06.20260602223738 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 1d MCP SaaS Integrations

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

aws mcp mcp-client mcp-clients mcp-host mcp-server

+3 more

mcp-servers mcp-tools modelcontextprotocol

Affected surfaces

rce_ssrf auth

ReleasePort's take

Moderate signal

editorial:auto 1d

The openapi-mcp-server release adds SSRF protection, credential isolation, and fixes a FastMCP prompt issue.

Why it matters: Severity 90 security enhancements in openapi-mcp-server require immediate attention for all operators handling API requests.

Summary

AI summary

Updates 2026.06.20260602223738, elasticache-mcp-server, and openapi-mcp-server across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Add SSRF protection, credential isolation, and fix FastMCP 3.x prompt in openapi-mcp-server. Add SSRF protection, credential isolation, and fix FastMCP 3.x prompt in openapi-mcp-server. Source: llm_adapter@2026-06-03 Confidence: high	—
Feature	Low	Add AWS Security Agent MCP Server. Add AWS Security Agent MCP Server. Source: llm_adapter@2026-06-03 Confidence: high	—
Dependency	Low	Bump dsql-lint to >=0.2.1,<0.3 in aurora-dsql. Bump dsql-lint to >=0.2.1,<0.3 in aurora-dsql. Source: llm_adapter@2026-06-03 Confidence: high	—
Bugfix	Medium	Enforce readonly mode on delete and modify serverless cache tools in elasticache-mcp-server. Enforce readonly mode on delete and modify serverless cache tools in elasticache-mcp-server. Source: llm_adapter@2026-06-03 Confidence: high	—
Bugfix	Medium	Harden suspicious-query check in redshift-mcp-server. Harden suspicious-query check in redshift-mcp-server. Source: llm_adapter@2026-06-03 Confidence: high	—

Full changelog

2026.06.20260602223738

What's Changed

fix(elasticache-mcp-server): enforce readonly mode on delete and modify serverless cache tools by @swarnaprakash in https://github.com/awslabs/mcp/pull/3630
fix(openapi-mcp-server): SSRF protection, credential isolation, and FastMCP 3.x prompt fix [v1.1.0] by @prajwalendra in https://github.com/awslabs/mcp/pull/3695
chore(redshift-mcp-server): Harden suspicious-query check in redshift-mcp-server by @grayhemp in https://github.com/awslabs/mcp/pull/3693
chore(aurora-dsql): bump dsql-lint to >=0.2.1,<0.3 by @amaksimo in https://github.com/awslabs/mcp/pull/3697
feat(server): add AWS Security Agent MCP Server by @ljainiaz in https://github.com/awslabs/mcp/pull/3616
chore: release/2026.06.20260602223738 by @awslabs-mcp in https://github.com/awslabs/mcp/pull/3703

New Contributors

@ljainiaz made their first contribution in https://github.com/awslabs/mcp/pull/3616

Full Changelog: https://github.com/awslabs/mcp/compare/2026.05.20260529200555...2026.06.20260602223738

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track awslabs/mcp

Get notified when new releases ship.

About awslabs/mcp

Official MCP Servers for AWS

All releases →