This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: Fixed stored XSS vulnerability in blog JSON-LD structured data.
Full changelog
Security
- Fixed stored XSS vulnerability in blog JSON-LD structured data (CodeQL alert #9)
Fixed
- Server version string now reads from package.json dynamically — was hardcoded at 0.1.0
- Package and registry descriptions aligned to canonical messaging
Added
- pnpm-workspace.yaml — enables pnpm v10+ native module builds (fixes Glama Docker build)
- glama.json — Glama MCP registry server claiming
- SEO infrastructure: sitemap.xml, robots.txt, canonical URLs, JSON-LD structured data
- Blog vocabulary series: Eval Tax, Eval Drift, Eval Gap, Eval Coverage, Eval-Driven Development
- Future-date blog post filtering
- Internal cross-links across all 15 blog posts
- Google Search Console domain verification
Changed
- Blog author standardized to "Ian Parent"
- Dev.to tags diversified per article topic
- GitHub repository topics updated
Full Changelog: https://github.com/iris-eval/mcp-server/compare/v0.1.4...v0.1.5
Security Fixes
- CVE-2023-XXXXX — Fixed stored XSS vulnerability in blog JSON-LD structured data (CodeQL alert #9)
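The changelog names the bug class but does not show the code. As an added example (not the project's code or its actual fix), the JavaScript below shows how a stored field value can end a JSON-LD script element early and one common way to serialize it safely. The names samplePost, toJsonLd, renderUnsafe, renderSafe, serializeForScript and countScriptCloses are hypothetical, and the sample post is constructed.

```javascript
// Added example: embedding JSON-LD in a <script> element without letting
// stored field values terminate the element. All names are hypothetical.

// Constructed sample: a blog post whose title came from stored content.
const samplePost = {
  title: 'Eval Drift</script><p>breakout</p>',
  author: 'Ian Parent',
  datePublished: '2025-01-01', // constructed date
};

function toJsonLd(post) {
  return {
    '@context': 'https://schema.org',
    '@type': 'BlogPosting',
    headline: post.title,
    author: { '@type': 'Person', name: post.author },
    datePublished: post.datePublished,
  };
}

// Weak form: JSON.stringify escapes quotes and backslashes, but not "<".
// The HTML parser ends the script element at the first "</script",
// before any JSON parsing happens, so the rest is treated as markup.
function renderUnsafe(post) {
  return `<script type="application/ld+json">${JSON.stringify(toJsonLd(post))}</script>`;
}

// Hardened form: replace characters that matter to the HTML parser with
// JSON \uXXXX escapes. JSON.parse decodes them back to the same string.
const ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};

function serializeForScript(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

function renderSafe(post) {
  return `<script type="application/ld+json">${serializeForScript(toJsonLd(post))}</script>`;
}

// Check: number of script close tags in the rendered markup (1 is expected).
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}
```

A regression test for this class of bug can assert that the rendered markup contains exactly one script close tag and that the embedded JSON parses back to the stored value.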
About iris-eval/mcp-server
MCP-native agent evaluation and observability server with trace logging, output quality evaluation, cost tracking, 12 built-in eval rules, real-time dashboard, and PII detection.