Skip to content

n24q02m/better-godot-mcp

v1.9.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-coding claude claude-code cursor docker
+7 more
gdscript godot godot-engine mcp mcp-server model-context-protocol typescript

Affected surfaces

auth deps

Summary

AI summary

Relay‑first startup always shows the relay URL.

Full changelog

v1.9.0 (2026-03-30)

Bug Fixes

  • Credential resolution order -- relay only when no local credentials (fcfda4c)

  • High Fix Unvalidated Editor Process Query (#319, 2f58480)

  • Pin Docker base images to SHA digests (b40513b)

  • Pin pre-commit hooks to commit SHA (ac6743b)

  • Send complete message to relay page after config saved (19b2b97)

  • cd: Remove empty env blocks from OIDC migration (d6312ce)

  • cd: Replace GH_PAT with GitHub App installation token (46c2012)

  • cd: Use npm OIDC provenance instead of NPM_TOKEN (50ceb6e)

  • ci: Consolidate SMTP_USERNAME and NOTIFY_EMAIL into one secret (f914d04)

  • ci: Consolidate SMTP_USERNAME+PASSWORD into SMTP_CREDENTIAL (5b125a7)

  • ci: Remove CODECOV_TOKEN, use tokenless upload (f445b0a)

  • ci: Use Vertex AI WIF instead of GEMINI_API_KEY for code review (f6ac417)

  • deps: Update non-major dependencies (#306, 1cbe349)

  • security: Prevent type-stripping in wrapToolResult wrapper (#324, c99c19b)

Chores

  • deps: Lock file maintenance (fa9a225)

  • deps: Lock file maintenance (#332, 9ca940d)

  • deps: Update actions/create-github-app-token action to v3 (#335, 0c499d6)

  • deps: Update codecov/codecov-action action to v6 (#330, 7ec6b81)

  • deps: Update google-github-actions/auth action to v3 (#336, 738f339)

Code Style

  • Fix Biome formatting in plugin/extension JSON files (82e3134)

Features

  • Relay-first startup — always show relay URL (963488a)

Performance Improvements

  • resources: Avoid .flat() in findResourceFiles (#333, c39f879)

Refactoring

  • Remove relay setup -- project_path provided per tool call (c25015e)

Detailed Changes: v1.8.0...v1.9.0

Security Fixes

  • Prevent type‑stripping in wrapToolResult wrapper (addresses a security vulnerability)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track n24q02m/better-godot-mcp

Get notified when new releases ship.

Sign up free

About n24q02m/better-godot-mcp

18 composite tools for structured Godot 4.x interaction: scenes, nodes, GDScript, shaders, animation, tilemap, physics, audio, navigation, UI, input mapping, and signals.

All releases →

Related context

Beta — feedback welcome: [email protected]