AnythingMCP

v0.1.21 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 26d MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai-agents anthropic api-gateway api-to-mcp chatgpt claude

+14 more

database gemini graphql llm-tools mcp mcp-gateway mcp-middleware mcp-proxy mcp-server model-context-protocol openapi rest self-hosted soap

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Fixed four bugs: OAuth DCR handling, verification code logging, OpenApiParser YAML support, and cross‑tenant tool name collisions.

Full changelog

Patch release fixing four bugs surfaced by analysing 8 weeks of usage logs on cloud.anythingmcp.com.

Fixes (from #135)

POST /register OAuth DCR no longer 500s on malformed bodies. 17 hits in production crashed with `TypeError: Cannot read properties of undefined (reading 'redirect_uris')` when callers (multipart/form-data Server Actions, OAuth clients sending non-JSON) hit the upstream `@rekog/mcp-nest` controller. New `OAuthRegisterGuardMiddleware` returns RFC 7591 `invalid_client_metadata` / `invalid_redirect_uri` with 400 instead of letting the library 500.
Verification codes no longer logged in plaintext. `EmailService` was warning `verification code for X: 641958` whenever local SMTP wasn't configured (4 different users in the past week). Replaced with a debug line that just records that delegation to the external mailer happened.
OpenApiParser accepts YAML and OpenAPI 3.1. `Unexpected token 'o', "openapi: 3"...` was the second-most-common 5xx — users pasted YAML specs and the parser called `JSON.parse` blindly. Now decodes JSON-or-YAML and routes 3.1 specs through `SwaggerParser.dereference()` (skipping the strict 3.0-only validator) so `$ref` still resolves.
Cross-tenant tool-name collision on the global /mcp endpoint fixed. Three orgs had a connector with the same tool name; `getTool(name)` returned whichever was registered first. Added `organizationId` to `RegisteredTool` and a new `getToolForOrg(name, orgId)` lookup, wired through the auth handler in `mcp-server.service` and the executor in `dynamic-mcp-tools` so authenticated callers resolve their own org's tool. `/mcp/:serverId` was already safe via connector-id scoping.

Verification

backend jest: 561 passed, 1 skipped, 0 failed (5 new tests)
`scripts/smoke-test/run.sh`: 12/12 PASS end-to-end
frontend Playwright: 3/3 PASS
All CI gates green (CodeQL, Trivy filesystem scan, lint, tsc, build)

Compatibility

No breaking changes. No new env vars. The OAuth `/register` endpoint now rejects invalid bodies with 400 instead of crashing with 500 — clients that previously got 500 will now see the proper RFC 7591 error response.

Security Fixes

Verification codes are no longer logged in plaintext

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track AnythingMCP

Get notified when new releases ship.

About AnythingMCP

All releases →