Skip to content

olgasafonova/mediawiki-mcp-server

v1.28.2 Security

This release includes 5 security fixes for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 5 known CVEs

Topics

anthropic claude go mcp mcp-server mediawiki
+4 more
model-context-protocol starred wiki wikipedia

Affected surfaces

crypto_tls deps

Summary

AI summary

Fixes GO-2026-4866, GO-2026-4865, GO-2026-4870, GO-2026-4947, and GO-2026-4946 security vulnerabilities in the Go stdlib.

Full changelog

Security

  • Bump Go toolchain to 1.26.2, fixing 5 stdlib vulnerabilities:
    • GO-2026-4866 crypto/x509: case-sensitive excludedSubtrees auth bypass
    • GO-2026-4865 html/template: XSS via JsBraceDepth context tracking
    • GO-2026-4870 crypto/tls: unauthenticated TLS 1.3 KeyUpdate DoS
    • GO-2026-4947 crypto/x509: unexpected work during chain building
    • GO-2026-4946 crypto/x509: inefficient policy validation

Bug Fixes

  • Fix panic in mediawiki_get_wiki_info when cache was pre-warmed (#33)
  • Eliminate ~40 bare type assertions across API response parsing that could panic on unexpected responses
  • Fix tool description defaults and add return info

Other

  • Bump Go dependency group (5 updates)
  • Add CODEOWNERS to protect workflow files
  • Add tilbudstrolden-mcp to cross-reference table

What's Changed

  • deps: bump the go-dependencies group with 5 updates by @dependabot[bot] in https://github.com/olgasafonova/mediawiki-mcp-server/pull/32

Full Changelog: https://github.com/olgasafonova/mediawiki-mcp-server/compare/v1.28.1...v1.28.2

Security Fixes

  • GO-2026-4866 — crypto/x509 case‑sensitive excludedSubtrees authentication bypass
  • GO-2026-4865 — html/template XSS via JsBraceDepth context tracking
  • GO-2026-4870 — crypto/tls unauthenticated TLS 1.3 KeyUpdate denial‑of‑service
  • GO-2026-4947 — crypto/x509 unexpected work during chain building
  • GO-2026-4946 — crypto/x509 inefficient policy validation
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track olgasafonova/mediawiki-mcp-server

Get notified when new releases ship.

Sign up free

About olgasafonova/mediawiki-mcp-server

Connect to any MediaWiki wiki (Wikipedia, Fandom, corporate wikis). 33+ tools for search, read, edit, link analysis, revision history, and Markdown conversion. Supports stdio and HTTP transport.

All releases →

Related context

Earlier breaking changes

  • v1.31.0 rationale parameter now required on 7 destructive MCP tools

Beta — feedback welcome: [email protected]