make-software/cspr-trade-mcp

v0.4.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools

✓ No known CVEs patched

This release patches 1 known CVE

Affected surfaces

breaking_upgrade

Summary

AI summary

Added OHLCV price history support via new API endpoints and SDK exports.

Full changelog

OHLCV price history support via get_pair_price_history / get_token_price_history in the MCP server and getPairPriceHistory / getTokenPriceHistory in the SDK.
New SDK exports: OHLCVCandle, PriceHistoryInterval, PriceHistoryQuery, and aggregateOHLCV(...).

Hardened deploy handoff defaults for hosted and remote MCP use: deploy file-path input is now disabled unless explicitly enabled for a local same-machine workflow.
Build/sign/submit flows now use inline deploy JSON by default instead of arbitrary file-path handoff between tools.
The /health endpoint now reports whether deploy file-path input is enabled so operators can verify the server is running in the intended mode.

Resolved the remaining casper-js-sdk import paths that still failed under Node 20 / ESM, restoring green build-and-test CI on both Node 20 and Node 22.

Full Changelog: https://github.com/make-software/cspr-trade-mcp/compare/v0.4.1...v0.4.2

Disabled deploy file‑path input by default, hardening hosted/remote MCP handoff; `/health` endpoint now reports its status

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track make-software/cspr-trade-mcp

Get notified when new releases ship.

About make-software/cspr-trade-mcp

Non-custodial DEX trading on the Casper Network via CSPR.trade