Skip to content

corebasehq/coremcp

v0.4.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Data & Storage
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

database-bridge go legacy-systems llm-ops mcp mcp-server
+1 more
mssql

Affected surfaces

auth rce_ssrf

Summary

AI summary

Type‑based parameter validation replaces the denylist for custom tools, fixing a security vulnerability.

Full changelog

Changes in v0.4.4

  • release: v0.4.4 - changelog and test fix (d9a92cc)
  • Merge pull request #5 from CoreBaseHQ/claude/validate-mcp-server-aRXzp (8b70693)
  • Merge pull request #4 from CoreBaseHQ/copilot/sub-pr-1 (862fd7d)
  • Merge pull request #1 from CoreBaseHQ/claude/validate-mcp-server-aRXzp (7f7c729)
  • review: address feedback from pullrequestreview-3987915093 (07e6bdb)
  • Initial plan (4daf0b6)
  • Merge pull request #3 from tqrcisio/fix/mssql-top-clause-strips-spurious-limit (2b0de9b)
  • Merge pull request #2 from tqrcisio/fix/background-schema-loading (6ec3286)
  • security: replace denylist with type-based parameter validation for custom tools (053c3eb)
  • drop the standalone test (baece37)
  • Preserve any existing s.Limit.Offset when overriding the rowcount. (465e12e)
  • change go version (eb0e802)
  • Simplify comment on query validation (b51bfbb)
  • fix: strip spurious LIMIT when query already has TOP clause in MSSQL adapter (1d22e81)
  • fix: load database schemas in background to prevent MCP initialize timeout (1757301)
  • fix: resolve critical and important bugs in MCP server (61e2ac1)
  • remove special characters (5495aa9)

Security Fixes

  • Replace denylist with type‑based parameter validation for custom tools – mitigates insecure input handling.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track corebasehq/coremcp

Get notified when new releases ship.

Sign up free

About corebasehq/coremcp

A secure, tunnel-native database bridge for AI agents. Connects localhost & on-premise databases (MSSQL, etc.) to LLMs with AST-based query safety and PII masking.

All releases →

Related context

Beta — feedback welcome: [email protected]