Skip to content

n24q02m/wet-mcp

v3.1.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 15d MCP Search & Web
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-coding claude claude-code crawl4ai cursor
+8 more
docker mcp mcp-server model-context-protocol python searxng web-scraping web-search

Affected surfaces

rce_ssrf

Summary

AI summary

Updates deps, feat, and auto-generated across a mixed release.

Changes in this release

Security Medium

Fixed raw SQL query using f-string vulnerability

Fixed raw SQL query using f-string vulnerability

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Security Medium

Fixed critical Path Traversal vulnerability in token_store.py (Sentinel)

Fixed critical Path Traversal vulnerability in token_store.py (Sentinel)

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Feature Medium

Sync cross-promo section (auto-generated)

Sync cross-promo section (auto-generated)

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Updated ghcr.io/astral-sh/uv docker digest to 3a59a3c

Updated ghcr.io/astral-sh/uv docker digest to 3a59a3c

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Updated github/codeql-action digest to 68bde55

Updated github/codeql-action digest to 68bde55

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Updated actions/dependency-review-action to v5

Updated actions/dependency-review-action to v5

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Maintained lock file updates

Maintained lock file updates

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Updated python:3.13-slim-bookworm docker digest to 386df64

Updated python:3.13-slim-bookworm docker digest to 386df64

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Dependency Medium

Updated actions/upload-artifact action to v7

Updated actions/upload-artifact action to v7

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Performance Medium

Removed redundant JSON parsing overhead in tool handlers (Bolt)

Removed redundant JSON parsing overhead in tool handlers (Bolt)

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Updated dependency google-genai to v2

Updated dependency google-genai to v2

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Resolved N+1 Query issue in FTS Search execution

Resolved N+1 Query issue in FTS Search execution

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Fixed overly long function discover_library in docs.py

Fixed overly long function discover_library in docs.py

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Bugfix Medium

Fixed overly long function config in server.py

Fixed overly long function config in server.py

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Refactor Medium

Modularized _probe_docs_url in docs.py

Modularized _probe_docs_url in docs.py

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Added missing test for `uvx_searxng_blocked_error`

Added missing test for `uvx_searxng_blocked_error`

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Added missing test for `_openai_completion` Exception block

Added missing test for `_openai_completion` Exception block

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Added missing test for `load_token_for_sub`

Added missing test for `load_token_for_sub`

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Medium

Commented out unused function check in setup_tool.py

Commented out unused function check in setup_tool.py

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Full changelog

What's Changed

  • feat: sync cross-promo section (auto-generated) by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1076
  • chore(deps): update ghcr.io/astral-sh/uv:latest docker digest to 3a59a3c by @renovate[bot] in https://github.com/n24q02m/wet-mcp/pull/1054
  • chore(deps): update github/codeql-action digest to 68bde55 by @renovate[bot] in https://github.com/n24q02m/wet-mcp/pull/1075
  • chore(deps): update actions/dependency-review-action action to v5 by @renovate[bot] in https://github.com/n24q02m/wet-mcp/pull/1078
  • fix(deps): update dependency google-genai to v2 by @renovate[bot] in https://github.com/n24q02m/wet-mcp/pull/1077
  • ⚡ Bolt: Remove redundant JSON parsing overhead in tool handlers by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1056
  • [SECURITY] Raw SQL query using f-string by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1060
  • [TEST] Missing test for uvx_searxng_blocked_error by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1059
  • [TEST] Missing test for _openai_completion Exception block by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1061
  • [TEST] Missing test for load_token_for_sub by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1057
  • refactor: modularize _probe_docs_url in docs.py by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1068
  • [FIX] Overly long function discover_library in docs.py by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1069
  • [CLEANUP] Commented out function check in setup_tool.py by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1070
  • [FIX] N+1 Query in FTS Search execution by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1073
  • [FIX] Overly long function config in server.py by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1074
  • chore(deps): lock file maintenance by @renovate[bot] in https://github.com/n24q02m/wet-mcp/pull/1085
  • chore(deps): update python:3.13-slim-bookworm docker digest to 386df64 by @renovate[bot] in https://github.com/n24q02m/wet-mcp/pull/1083
  • chore(deps): update actions/upload-artifact action to v7 by @renovate[bot] in https://github.com/n24q02m/wet-mcp/pull/1087
  • 🛡️ Sentinel: [CRITICAL] Fix Path Traversal in token_store.py by @n24q02m in https://github.com/n24q02m/wet-mcp/pull/1091

Full Changelog: https://github.com/n24q02m/wet-mcp/compare/v2.30.2...v3.1.0

Security Fixes

  • CRITICAL: Fixed Path Traversal vulnerability in token_store.py
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track n24q02m/wet-mcp

Get notified when new releases ship.

Sign up free

About n24q02m/wet-mcp

Web search (embedded SearXNG), content extraction, and library docs indexing with hybrid search (FTS5 + semantic). Built-in Qwen3 embedding, no API keys required.

All releases →

Related context

Beta — feedback welcome: [email protected]