This release includes 4 security fixes for security teams reviewing exposed deployments.
Full changelog
v0.7.1 - Security hardening
Security
- MCP server: command allowlist — only `npx`, `node`, `python`, `python3`, `uvx`, `docker`, `deno`, `bun` permitted
- GitHub Action: eliminate shell injection — bash arrays and `--body-file` for PR comments
- MCP server: path validation — constrained to runs/cassettes directory
- Stderr buffer cap — 500 lines max
Added
- `deep` and `security` params for MCP tools
- Request logging for observability
- 17 new security tests
Full Changelog: https://github.com/KryptosAI/mcp-observatory/compare/v0.7.0...v0.7.1
Breaking Changes
- MCP server now enforces a strict command allowlist permitting only `npx`, `node`, `python`, `python3`, `uvx`, `docker`, `deno`, and `bun`.
Security Fixes
- GitHub Action mitigates shell injection by using bash arrays and `--body-file` for PR comments
- MCP server path validation confines operations to the runs/cassettes directory
- Stderr buffer capped at 500 lines
- 17 new security tests added
About KryptosAI/mcp-observatory
Regression testing for MCP servers. Auto-discovers servers from Claude configs, checks capabilities, invokes tools, detects schema drift between versions, and recommends new servers based on your environment. Works as both a CLI and an MCP server.