This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+4 more
Summary
AI summaryDocker support added for self‑hosting mcp-telegram.
Full changelog
What's new
Docker support
Self-host mcp-telegram with the official multi-stage alpine Dockerfile. ~50MB image, no bloat.
Build:
docker build -t mcp-telegram https://github.com/overpod/mcp-telegram.git
Login (once, interactive):
docker run -it --rm \
-e TELEGRAM_API_ID=YOUR_ID \
-e TELEGRAM_API_HASH=YOUR_HASH \
-v ~/.mcp-telegram:/root/.mcp-telegram \
--entrypoint node mcp-telegram dist/qr-login-cli.js
Run as MCP server:
docker run -i --rm \
-e TELEGRAM_API_ID=YOUR_ID \
-e TELEGRAM_API_HASH=YOUR_HASH \
-v ~/.mcp-telegram:/root/.mcp-telegram \
mcp-telegram
Non-blocking startup
MCP server now starts immediately and connects to Telegram in the background. Previously, slow session loads or network issues could delay the server becoming available.
Local QR fallback
QR login code is now saved to ~/.mcp-telegram/qr-login.png as a local fallback. Removed the previous api.qrserver.com remote fallback — no login data ever leaves your machine.
Security
sessionDirgetter added toTelegramServicefor clean path resolution- Explicit note in README: all MTProto communication goes directly to Telegram, no third-party services
Thanks to @andrejbestuzhev for the original PR #3 with the Docker, non-blocking startup, and privacy ideas!
Security Fixes
- QR login now saved locally only — no login data ever leaves the machine (removed api.qrserver.com remote fallback)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About overpod/mcp-telegram
Telegram MCP server via MTProto/GramJS — 20 tools for reading chats, searching messages, downloading media, managing contacts. QR code login, npx zero-install. Hosted version at mcp-telegram.com.
Related context
Beta — feedback welcome: [email protected]