cameronrye/openzim-mcp

v2.1.6 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 5h MCP Data & Storage

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

kiwix mcp mcp-server openzim zim

Affected surfaces

auth breaking_upgrade

ReleasePort's take

Moderate signal

editorial:auto 3h

The release updates the pyjwt dependency to version 2.13.0, applying a security floor and fixing a manifest‑mode release tagging issue.

Why it matters: Addresses vulnerabilities in pyjwt; upgrade to ≥2.13.0 required for all deployments using this dependency.

Summary

AI summary

Security fix raises pyjwt minimum version to 2.13.0 and repairs manifest‑mode release tagging.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Updates pyjwt to 2.13.0, applying security floor and fixing manifest-mode release tagging issue. Updates pyjwt to 2.13.0, applying security floor and fixing manifest-mode release tagging issue. Source: llm_adapter@2026-06-04 Confidence: low	—
Security	High	Updates pyjwt to 2.13.0, applying a security floor. Updates pyjwt to 2.13.0, applying a security floor. Source: granite4.1:30b@2026-06-04-audit Confidence: low	—

Full changelog

2.1.6 (2026-06-04)

Fixed

pyjwt 2.13.0 security floor + repair manifest-mode release tagging (#258) (9b290ad)

Security Fixes

pyjwt minimum version raised to 2.13.0 (security floor) and manifest‑mode release tagging repaired

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track cameronrye/openzim-mcp

Get notified when new releases ship.

About cameronrye/openzim-mcp

Modern, secure MCP server for accessing ZIM format knowledge bases offline. Enables AI models to search and navigate Wikipedia, educational content, and other compressed knowledge archives with smart retrieval, caching, and comprehensive API.

All releases →

Related context

Related tools

Earlier breaking changes

v2.0.0a15 _attribute_sections falls back to first section when no section brackets located passage
v2.0.0a13 canonical‑splice gate tightened to require exact path equality, fixing H2/H3 surface end‑to‑end behavior across all shapes.
v2.0.0a11 Exposed `content_offset` as top-level `zim_query` parameter, validated >=0, threaded through options.
v2.0.0a10 `get article M/<key>` now returns ZIM metadata entry rather than aliased C-namespace article body.
v2.0.0a10 `metadata for <file>` returns concise metadata strings instead of full article bodies for new-scheme archives.