
icoretech/warden-mcp

v0.1.12 Security

This release includes 4 security fixes that matter to security teams reviewing exposed deployments.

Published 2mo MCP Security & Auth
✓ No known CVEs patched
This release patches 4 known CVEs

Topics

bitwarden mcp mcp-server model-context-protocol password-manager vaultwarden

Affected surfaces

auth rce_ssrf

Summary

AI summary

Add --stdio transport, NOREVEAL env var, and multiple security hardenings.

Full changelog

0.1.12 (2026-03-22)

Features

  • add --stdio flag and WARDEN_MCP_STDIO env var to server entry (2a6b49e)
  • add bin/warden-mcp.js CLI entry with @bitwarden/cli resolution (244d372)
  • add env var fallback to bwEnvFromHeadersOrEnv (0a7c6f3)
  • add NOREVEAL env var to force-disable secret reveals (034286c)
  • add stdio transport (9ecc99c)
  • docker: publish multi-arch image to ghcr.io (2c2f8c7)

Bug Fixes

  • add explicit private:false, add headers-priority test (ef9d5a1)
  • biome: ignore glama.json formatting (a7e55e1)
  • biome: ignore package.json formatting (1d916f4)
  • biome: ignore release-managed json formatting (7dbf5e8)
  • biome: use package.json expand override (1eb7a2c)
  • ci: enable npm trusted publishing (9a8f2af)
  • ci: replace non-existent rhysd/actionlint-action with docker image (01baeaa)
  • ci: scope GitHub Actions permissions to least privilege (6837214)
  • ci: suppress shellcheck SC2034 in session-flood-guardrail workflow (8bde88e)
  • ci: switch package publishing from github packages to npmjs (7bbda65)
  • docker: use release-please version outputs for image tags (0c2b6a9)
  • drop component prefix from release tags (f2000b1)
  • package: add npm keywords (3603fc2)
  • pin bundled bw cli to 2026.1.0 (82731c7)
  • renovate: keep config PRs lint-clean (e510d94)
  • resolve noAsyncPromiseExecutor lint error in stdio transport (fdde3eb)
  • security: disable env credential fallback in HTTP mode by default (7c061ee)
  • security: prevent CLI option injection in send/receive commands (284ef75)
  • security: remove raw CLI output from JSON parse error messages (97e59e8)
  • security: validate receive URL is HTTPS before passing to bw CLI (3932c5d)
  • skip --nointeraction for bw auth bootstrap (368bc5d)
  • ux: clarify stdio credential requirements (1dd8273)

Security Fixes

  • Disable env credential fallback in HTTP mode by default
  • Prevent CLI option injection in send/receive commands
  • Remove raw CLI output from JSON parse error messages
  • Validate receive URL is HTTPS before passing to bw CLI

About icoretech/warden-mcp

MCP server for Bitwarden and Vaultwarden vault management. Search, create, edit, and organize logins, notes, cards, identities, SSH keys, folders, collections, attachments, and Sends via the official `bw` CLI.
