Skip to content

n24q02m/mnemo-mcp

v1.9.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-coding ai-memory claude claude-code cursor
+8 more
docker hybrid-search mcp mcp-server model-context-protocol python rclone sqlite

Affected surfaces

auth rce_ssrf deps

Summary

AI summary

Fix potential SQL injection in vector table creation.

Full changelog

v1.9.0 (2026-03-20)

This release is published under the MIT License.

Bug Fixes

  • Add assert mem is not None in test_db.py (#223, 8533ca1)

  • Add coverage for json decode error in sync auth extraction] (#226, 743a8e3)

  • Chore: Rename # Fixtures to # Test Setup in test_db_coverage.py (#220, 1c48ce1)

  • Correct ruff formatting error in test_graph.py (#226, 743a8e3)

  • Fix DoS risk via parameter clamping in handler functions (#213, 11ee352)

  • Fix false positive action task by replacing comment keyword (#219, f227714)

  • Fix missing test coverage for OSError in token_store] (#229, c2f362c)

  • Fix potential SQL injection in vector table creation (#224, d720304)

  • Format tests/test_graph.py to pass ruff formatting check (#223, 8533ca1)

  • Improve test coverage from 94% to 97% and remove dead code (a6df5c1)

  • Remove 27 duplicate assert mem is not None lines in test_db.py (#233, f0a4493)

  • Testing improvement] Add error test for config GPU detection (#223, 8533ca1)

  • Testing improvement] Add tests for config GGUF support ImportError branch (#228, 70a7c2c)

  • ci: Remove job-level continue-on-error from dependency-review (bb6907a)

  • deps: Update dependency qwen3-embed to >=1.5.0 (#214, aa8142a)

Chores

  • Align CI/CD action versions (9f564ec)

  • Remove fix_ty.py to pass ruff checks (#223, 8533ca1)

  • Rename # Fixtures to # Test Setup in test_db_coverage.py (#220, 1c48ce1)

  • deps: Lock file maintenance (#211, 76eeeee)

  • deps: Update codecov/codecov-action digest to 1af5884 (#216, 212b072)

  • deps: Update dawidd6/action-send-mail action to v16 (#215, 73e73b2)

Documentation

  • Update README for v1.8.0 features and Jina AI priority (dcaac15)

Features

  • Optimize archive_old_memories using executemany (#222, aba7352)

  • Optimize relation creation via executemany (#231, c5d1d6d)

  • Optimize struct.pack serialization for vectors (#212, 789c6cc)

  • Remove unused legacy embed_texts] (#225, cd975af)

  • Testing] Add missing coverage for local embedding init failure (#221, 547c38f)

Refactoring

  • Remove custom endpoint support (EMBEDDING_API_BASE, RERANK_API_BASE) (8364d50)

Testing

  • Add coverage for JSONDecodeError in _interactive_auth (#226, 743a8e3)

  • Fix type checking errors in test_db.py (#226, 743a8e3)

Detailed Changes: v1.8.1...v1.9.0

Security Fixes

  • Fix potential SQL injection in vector table creation (addressed by #224)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track n24q02m/mnemo-mcp

Get notified when new releases ship.

Sign up free

About n24q02m/mnemo-mcp

Persistent AI memory with SQLite hybrid search (FTS5 + semantic). Built-in Qwen3 embedding, rclone sync across machines. Zero config, no cloud, no limits.

All releases →

Related context

Beta — feedback welcome: [email protected]