This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+4 more
Affected surfaces
Summary
AI summaryFixed a TOCTOU DNS rebinding vulnerability in the CheckLinks tool preventing SSRF attacks.
Full changelog
Security Fix
DNS Rebinding Protection (SSRF)
Fixed a Time-of-Check-Time-of-Use (TOCTOU) vulnerability in the CheckLinks tool where DNS records could be changed between validation and connection.
Changes:
- Added connection-time IP validation using
net.Dialer.Control - IP addresses are now validated at TCP connect time, after DNS resolution
- Redirect targets are also validated to prevent SSRF via redirect chains
- Added 16 new security tests for DNS rebinding protection
- Updated SECURITY.md with SSRF protection documentation
Full Changelog: https://github.com/olgasafonova/mediawiki-mcp-server/compare/v1.17.3...v1.17.4
Security Fixes
- Fixed TOCTOU vulnerability in CheckLinks where DNS records could change between validation and connection, adding TCP connect‑time IP validation and redirect target checks.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About olgasafonova/mediawiki-mcp-server
Connect to any MediaWiki wiki (Wikipedia, Fandom, corporate wikis). 33+ tools for search, read, edit, link analysis, revision history, and Markdown conversion. Supports stdio and HTTP transport.
Related context
Related tools
Earlier breaking changes
- v1.31.0 rationale parameter now required on 7 destructive MCP tools
Beta — feedback welcome: [email protected]