This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched

Topics: anthropic, claude, go, mcp, mcp-server, mediawiki, model-context-protocol, starred, wiki, wikipedia

Affected surfaces: auth, rce_ssrf

Summary

AI summary

Fixes critical cross-origin credential leaks and multiple security vulnerabilities in the MediaWiki MCP server.

Full changelog

Fixed (security)

  • 307/308 cross-origin credential leak (Critical): API client now refuses all redirects via CheckRedirect. The login flow POSTs lgpassword=<bot-password> via the API client; without redirect refusal, a wiki (or any proxy in front of it, or a MITM during DNS/TLS bootstrap) returning 307 Location: https://attacker/ would cause Go to re-POST the entire body to the attacker. (1f8b2e4)
  • HG-2 raw-body leak: API errors no longer echo the raw response body to MCP callers. Replaced with a structured APIError type that retains HTTP status and a stable status-text message; body snippet preserved on the struct (capped at 256 bytes) for server-side logging only. (bef66aa)
  • HG-3 destructive-annotation gaps: mediawiki_upload_file and mediawiki_manage_categories now correctly declare Destructive: true. With IgnoreWarnings: true, mediawiki_upload_file overwrites existing files on the wiki — on wikis that allow SVG, an attacker SVG with inline JS becomes stored XSS-as-the-wiki-origin against every viewer. (c48289e)
  • uploadFromURL SSRF gap: now validates source URL through both validateFileURL (blocks private/internal IPs — closes wiki-as-SSRF-proxy targeting cloud metadata, RFC1918, link-local) and a new MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS env-var allowlist. (c48289e)
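To make the 307/308 path concrete, here is an added Go example (not the project's code): a constructed in-process "wiki" answers the login POST with a 307 whose Location points at a second origin, and a default http.Client is compared with one whose CheckRedirect refuses to follow, as the fix does. The function names are assumptions.

```go
package main

import (
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// newNoRedirectClient mirrors the fix in the notes: the credential-bearing
// client refuses every redirect, so a 307/308 Location on another origin can
// never make net/http re-POST the login body. Assumed name, not the project's.
func newNoRedirectClient() *http.Client {
	return &http.Client{
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse // hand the 3xx back, follow nothing
		},
	}
}

// postLogin sends a bot-password login form the way the MediaWiki login flow
// does and returns the status the caller sees.
func postLogin(c *http.Client, apiURL, botPassword string) (int, error) {
	form := url.Values{"action": {"login"}, "lgpassword": {botPassword}}
	resp, err := c.Post(apiURL, "application/x-www-form-urlencoded", strings.NewReader(form.Encode()))
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// simulate runs the path in-process: a constructed "wiki" answers 307 with a
// Location on a second origin, which records whatever body reaches it.
// leaked == "" means the credential never left the wiki origin.
func simulate(c *http.Client) (status int, leaked string, err error) {
	other := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body)
		leaked = string(b)
	}))
	defer other.Close()
	wiki := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, other.URL+"/collect", http.StatusTemporaryRedirect)
	}))
	defer wiki.Close()
	status, err = postLogin(c, wiki.URL+"/api.php", "constructed-bot-secret")
	return status, leaked, err
}
```

With the default client the second origin receives the full form including lgpassword; with the redirect-refusing client the caller sees the raw 307 and the second origin receives nothing.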

Changed

  • mediawiki_upload_file URL upload path now requires the MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS env var: a comma-separated allowlist that supports *.example.com subdomain wildcards (the apex must be listed explicitly) and fails closed when unset. Set e.g.:
    MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS=cdn.example.com,*.images.tieto.com
    
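As an added example covering both the uploadFromURL validation in the security fixes and the allowlist semantics of MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS (this is not the project's own validateFileURL): hostAllowed and validateUploadURL are assumed names that reimplement the documented rules, fail-closed behaviour included.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// hostAllowed applies the MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS rules from the
// notes: a plain entry matches that host only; "*.example.com" matches any
// subdomain but never the apex, which must be listed on its own.
func hostAllowed(host string, allowlist []string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, entry := range allowlist {
		entry = strings.ToLower(strings.TrimSpace(entry))
		if suffix, ok := strings.CutPrefix(entry, "*."); ok {
			if suffix != "" && strings.HasSuffix(host, "."+suffix) {
				return true
			}
		} else if entry != "" && host == entry {
			return true
		}
	}
	return false
}

// validateUploadURL (assumed name) chains both checks and fails closed when the env var is
// empty; loopback, RFC1918 and link-local (169.254/16, cloud metadata) literal IPs go first.
func validateUploadURL(raw, allowedDomainsEnv string) error {
	if strings.TrimSpace(allowedDomainsEnv) == "" {
		return fmt.Errorf("MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS unset: URL uploads disabled")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if ip := net.ParseIP(host); ip != nil && (ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsUnspecified()) {
		return fmt.Errorf("internal address %s rejected", host)
	}
	if !hostAllowed(host, strings.Split(allowedDomainsEnv, ",")) {
		return fmt.Errorf("host %q not in allowlist", host)
	}
	return nil
}
```

Only literal IPs are checked here; an allowlisted hostname can still resolve to an internal address, so a production check also has to resolve the name and re-verify the address at dial time.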

Why these matter

Found by the Carlini-style autonomous vulnerability scaffold sweep across the MCP portfolio. Three of the four findings are on hard gates graduated 2026-04-25 in rules/review-patterns.md (HG-2 raw-body, HG-3 destructive annotations + fail-closed allowlists). The 307/308 finding is the strongest novel finding from the mediawiki scan because the credential-bearing client funnels every API call.

Full Changelog: https://github.com/olgasafonova/mediawiki-mcp-server/compare/v1.29.0...v1.30.0

What's Changed

  • ci: auto-dispatch mcp-registry.yml from release workflow by @olgasafonova in https://github.com/olgasafonova/mediawiki-mcp-server/pull/40
  • deslop: add baseline by @olgasafonova in https://github.com/olgasafonova/mediawiki-mcp-server/pull/41
  • security: implement validateFileURL referenced by lying nosec comment by @olgasafonova in https://github.com/olgasafonova/mediawiki-mcp-server/pull/43
  • fix(ci): remove release: published trigger from mcp-registry.yml by @olgasafonova in https://github.com/olgasafonova/mediawiki-mcp-server/pull/44
  • chore: add AGENTS.md (bd-onboard template) by @olgasafonova in https://github.com/olgasafonova/mediawiki-mcp-server/pull/46
  • security: close 307/308 credential leak, HG-2 raw body, HG-3 upload gaps by @olgasafonova in https://github.com/olgasafonova/mediawiki-mcp-server/pull/47


Breaking Changes

  • `mediawiki_upload_file` URL upload path now requires `MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS` env var; fails closed when unset.

Security Fixes

  • 307/308 cross-origin credential leak (Critical) – API client now refuses all redirects via `CheckRedirect`.
  • HG-2 raw-body leak – API errors no longer echo the raw response body; replaced with structured `APIError` type preserving a capped 256-byte snippet for logging.
  • HG-3 destructive-annotation gap – `mediawiki_upload_file` and `mediawiki_manage_categories` now correctly declare `Destructive: true`; prevents stored XSS via SVG uploads when `IgnoreWarnings: true` is set.
  • HG-4 uploadFromURL SSRF gap – source URL validation added through `validateFileURL` (blocks private/internal IPs) and a new `MEDIAWIKI_UPLOAD_ALLOWED_DOMAINS` env-var allowlist.


About olgasafonova/mediawiki-mcp-server

Connect to any MediaWiki wiki (Wikipedia, Fandom, corporate wikis). 33+ tools for search, read, edit, link analysis, revision history, and Markdown conversion. Supports stdio and HTTP transport.


Related context

Earlier breaking changes

  • v1.31.0 rationale parameter now required on 7 destructive MCP tools
