imatza-rh/mcp-zuul

v0.3.2 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools

✓ No known CVEs patched

This release patches 4 known CVEs

Affected surfaces

auth deps

Summary

AI summary

Auth token protection hardens against leakage on cross‑origin redirects.

Full changelog

Auth token protection — _BearerAuth (httpx.Auth subclass) prevents token leakage on cross-origin redirects
Streaming size caps — fetch_log_url (20 MB), stream_log (10 MB) prevent unbounded memory consumption
Precise stream truncation — includes partial last chunk up to the exact size limit
XML safety — defusedxml.ElementTree for JUnit XML parsing
Kerberos auth lock — asyncio.Lock serializes concurrent re-auth to prevent session corruption
Non-JSON response handling — clear errors when reverse proxies return HTML for all API functions
SPNEGO token guard — prevents sending empty Negotiate header

Full Changelog: https://github.com/imatza-rh/mcp-zuul/compare/v0.3.1...v0.3.2

_BearerAuth (httpx.Auth subclass) prevents token leakage on cross-origin redirects
defusedxml.ElementTree used for JUnit XML parsing to mitigate XML attacks
asyncio.Lock serializes concurrent Kerberos re‑auth to prevent session corruption
SPNEGO guard blocks empty Negotiate header transmission

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track imatza-rh/mcp-zuul

Get notified when new releases ship.

About imatza-rh/mcp-zuul

Zuul CI integration with 14 tools for build failure analysis, log search, pipeline status, and job configuration.