iris-eval/mcp-server

v0.4.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 13d MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE

Topics

agent-evaluation ai-agent claude eval evaluation llm mcp mcp-server model-context-protocol observability security distributed-tracing

Affected surfaces

auth rbac deps

ReleasePort's take

Light signal
editorial:auto 13d

iris-eval v0.4.3 adds supply-chain transparency: npm and Docker SBOMs published with cosign signatures, GitHub provenance attestations, and cosign keyless signing of the Docker image. A GitHub Actions Scorecard integration enables continuous monitoring of the project's supply-chain posture.

Why it matters: Enables release integrity verification with SBOM and provenance attestation. No security vulnerabilities patched. Audit attestations in CI and Scorecard metrics quarterly as part of compliance readiness.

Summary

AI summary

Updates supply-chain transparency, dependencies, and the website in a mixed release.

Changes in this release

Security Medium

LLM-judge system hardened against prompt-injection attacks

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

npm SBOM (SPDX 2.3) published with cosign signature and Sigstore verification

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Docker SBOM (SPDX 2.3) published with cosign signature and Sigstore verification

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

npm package published with GitHub-backed provenance attestation

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Docker image signed with cosign keyless (Sigstore) for keyless verification

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Build attestations carry GitHub-signed provenance for npm SBOM and Docker

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Per-advisory threat-model record, fast-uri override, and CI gate added

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

YC-grade posture hardening: encrypted-report path and postinstall slot closure

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

GitHub Actions Scorecard workflow added for supply-chain security scanning

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Scorecard workflow hardened with token permissions, signed-releases, branch-protection

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

release.yml workflow token permissions reduced to least-privilege (0→10)

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

OpenSSF Best Practices Passing badge added to README

Source: llm_adapter@2026-05-22

Confidence: low

Dependency Medium

Security/infra dependencies bumped: ip-address, express-rate-limit, codeql, cosign

Source: llm_adapter@2026-05-22

Confidence: high

Dependency Medium

Core application dependencies bumped: hono, @types/node, @playwright/test, nextjs

Source: llm_adapter@2026-05-22

Confidence: low

Dependency Medium

Dashboard dependencies bumped: typescript, react-router-dom, lucide-react, jsdom

Source: llm_adapter@2026-05-22

Confidence: low

Dependency Medium

Website dependencies bumped: typescript, @types/node, react, @tailwindcss/postcss

Source: llm_adapter@2026-05-22

Confidence: low

Bugfix Medium

CodeQL action SHA corrected in Scorecard workflow

Source: llm_adapter@2026-05-22

Confidence: high

Full changelog

Supply-chain transparency

  • SBOMs: iris-npm-sbom.spdx.json + iris-docker-sbom.spdx.json (attached below). Both are SPDX 2.3 JSON and cover direct and transitive dependencies.
  • SBOM signatures: each SBOM has a companion .sig (cosign signature) and .pem (Sigstore-issued cert) attached to this release. Verify with:
    cosign verify-blob \
      --certificate iris-npm-sbom.spdx.json.pem \
      --signature iris-npm-sbom.spdx.json.sig \
      --certificate-identity-regexp='https://github.com/iris-eval/mcp-server' \
      --certificate-oidc-issuer='https://token.actions.githubusercontent.com' \
      iris-npm-sbom.spdx.json
    
  • npm provenance: published with --provenance (verifiable via npm audit signatures or on the package page).
  • Docker signature: image signed with cosign keyless (Sigstore). Verify with:
    cosign verify ghcr.io/iris-eval/mcp-server:v0.4.3 \
      --certificate-identity-regexp='https://github.com/iris-eval/mcp-server' \
      --certificate-oidc-issuer='https://token.actions.githubusercontent.com'
    
  • Build attestation: both the npm SBOM and Docker image manifest carry GitHub-signed build-provenance attestations. Inspect with gh attestation verify or cosign verify-attestation.
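As an added example (not code from the iris-eval project), here is a Python check to run once `cosign verify-blob` has accepted the SBOM signature: it parses the SPDX 2.3 document, separates direct from transitive dependencies via DEPENDS_ON relationships, and flags any package whose version differs from what the changelog claims. The SBOM document inside is constructed; only hono 4.12.18 is taken from this release's changelog.

```python
import json
from collections import deque

# Constructed SPDX 2.3 document standing in for iris-npm-sbom.spdx.json. Only the
# hono version (4.12.18, named in the changelog) is real; the rest is made up.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
    "documentDescribes": ["SPDXRef-root"],
    "packages": [
        {"SPDXID": "SPDXRef-root", "name": "@iris-eval/mcp-server", "versionInfo": "0.4.3"},
        {"SPDXID": "SPDXRef-hono", "name": "hono", "versionInfo": "4.12.18"},
        {"SPDXID": "SPDXRef-erl", "name": "express-rate-limit", "versionInfo": "0.0.0-sample"},
        {"SPDXID": "SPDXRef-ipa", "name": "ip-address", "versionInfo": "0.0.0-sample"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-root", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-hono"},
        {"spdxElementId": "SPDXRef-root", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-erl"},
        {"spdxElementId": "SPDXRef-erl", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-ipa"},
    ],
})

def load_sbom(text: str) -> dict:
    """Parse an SPDX JSON document; refuse anything that is not SPDX 2.3."""
    doc = json.loads(text)
    if doc.get("spdxVersion") != "SPDX-2.3":
        raise ValueError(f"unexpected spdxVersion: {doc.get('spdxVersion')!r}")
    return doc

def dependency_depths(doc: dict) -> dict:
    """Package name -> hops from the described root: 1 = direct, >1 = transitive."""
    by_id = {p["SPDXID"]: p for p in doc["packages"]}
    edges = {}
    for rel in doc.get("relationships", []):
        if rel["relationshipType"] == "DEPENDS_ON":
            edges.setdefault(rel["spdxElementId"], []).append(rel["relatedSpdxElement"])
    depths, queue = {}, deque((r, 0) for r in doc.get("documentDescribes", []))
    while queue:  # breadth-first, so the first visit records the shortest path
        node, depth = queue.popleft()
        if node not in by_id or by_id[node]["name"] in depths:
            continue  # skip non-package elements and already-visited nodes
        depths[by_id[node]["name"]] = depth
        queue.extend((child, depth + 1) for child in edges.get(node, []))
    return depths

def check_pins(doc: dict, expected: dict) -> list:
    """Report packages missing from the SBOM or at a version other than the changelog claims."""
    versions = {p["name"]: p.get("versionInfo") for p in doc["packages"]}
    return [f"{n}: SBOM has {versions.get(n)}, expected {v}"
            for n, v in expected.items() if versions.get(n) != v]
```

Run the same functions over the real iris-npm-sbom.spdx.json and iris-docker-sbom.spdx.json to confirm that the signed artifacts actually list what the release notes say was shipped.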

What's Changed

  • chore(security): per-advisory threat-model record + fast-uri override + CI gate by @irparent in https://github.com/iris-eval/mcp-server/pull/145
  • deps(website): bump the nextjs group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/151
  • ci: bump github/codeql-action from 4.35.3 to 4.35.4 by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/147
  • ci: bump sigstore/cosign-installer from 3.9.2 to 4.1.2 by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/148
  • ci: bump the github group across 1 directory with 3 updates by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/106
  • deps: bump ip-address and express-rate-limit by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/140
  • deps: bump hono from 4.12.14 to 4.12.18 by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/142
  • deps: bump the linting group with 2 updates by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/146
  • deps: bump the testing group with 2 updates by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/149
  • deps: bump @types/node from 25.6.0 to 25.7.0 in the types group by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/150
  • deps: bump @playwright/test from 1.59.1 to 1.60.0 by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/152
  • deps(dashboard): bump typescript from 6.0.2 to 6.0.3 in /dashboard by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/100
  • deps(dashboard): bump react-router-dom from 7.14.0 to 7.14.2 in /dashboard by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/105
  • deps(dashboard): bump lucide-react from 1.8.0 to 1.14.0 in /dashboard by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/129
  • deps(website): bump @types/node from 25.5.0 to 25.8.0 in /website in the types group across 1 directory by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/76
  • deps(website): bump typescript from 6.0.2 to 6.0.3 in /website by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/95
  • deps(website): bump @tailwindcss/postcss from 4.2.2 to 4.3.0 in /website by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/104
  • deps(website): bump the react group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/82
  • deps(dashboard): bump jsdom from 26.1.0 to 29.1.1 in /dashboard by @dependabot[bot] in https://github.com/iris-eval/mcp-server/pull/128
  • chore(security): YC-grade posture hardening — encrypted-report path + close postinstall slot by @irparent in https://github.com/iris-eval/mcp-server/pull/155
  • Add Scorecard workflow for supply-chain security by @irparent in https://github.com/iris-eval/mcp-server/pull/156
  • fix(security): correct codeql-action SHA in Scorecard workflow by @irparent in https://github.com/iris-eval/mcp-server/pull/157
  • chore(security): Scorecard hardening — Token-Permissions + Signed-Releases + Branch-Protection by @irparent in https://github.com/iris-eval/mcp-server/pull/158
  • chore(security): release.yml least-privilege — Token-Permissions 0 → 10 by @irparent in https://github.com/iris-eval/mcp-server/pull/159
  • chore(release): v0.4.3-rc.0 — validate Signed-Releases workflow by @irparent in https://github.com/iris-eval/mcp-server/pull/160
  • docs(readme): add OpenSSF Best Practices Passing badge by @irparent in https://github.com/iris-eval/mcp-server/pull/161
  • fix(security): LLM-judge prompt-injection defense by @irparent in https://github.com/iris-eval/mcp-server/pull/173
  • chore(release): v0.4.3 — LLM-judge defense + signed releases by @irparent in https://github.com/iris-eval/mcp-server/pull/174

Full Changelog: https://github.com/iris-eval/mcp-server/compare/v0.4.2...v0.4.3

Security Fixes

  • LLM-judge prompt-injection defense fixes a security vulnerability


About iris-eval/mcp-server

MCP-native agent evaluation and observability server with trace logging, output quality evaluation, cost tracking, 12 built-in eval rules, real-time dashboard, and PII detection.
