This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+4 more
Affected surfaces
Summary
AI summaryAdded Unicode NFC normalization to page titles, content validation, and search queries to prevent bypass attacks.
Full changelog
Security Improvement
Unicode NFC Normalization
Added Unicode NFC normalization to prevent bypass attacks using alternative character representations:
- Combining characters:
cafe\u0301→café - Alternative encodings: Different Unicode forms of the same visual character
- Homoglyph prevention: Consistent handling of look-alike characters
Applied to page titles, content validation, and search queries. Matches MediaWiki's internal normalization.
Full Changelog: https://github.com/olgasafonova/mediawiki-mcp-server/compare/v1.17.5...v1.17.6
Security Fixes
- Implemented Unicode NFC normalization to prevent bypass attacks using alternative character representations (combining characters, homoglyphs) in page titles, content, and searches.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About olgasafonova/mediawiki-mcp-server
Connect to any MediaWiki wiki (Wikipedia, Fandom, corporate wikis). 33+ tools for search, read, edit, link analysis, revision history, and Markdown conversion. Supports stdio and HTTP transport.
Related context
Related tools
Earlier breaking changes
- v1.31.0 rationale parameter now required on 7 destructive MCP tools
Beta — feedback welcome: [email protected]