pastorsimon1798/mcp-video

v1.3.1 Security

This release includes 2 security fixes relevant to security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
This release patches 2 known CVEs

Topics

agent-tools ai-agents ai-video claude claude-code cli cursor ffmpeg hyperframes mcp mcp-server mcp-tools media-automation model-context-protocol python python-library subtitles video video-automation video-editing

Affected surfaces

rce_ssrf crypto_tls

Summary

AI summary

Command injection fix in engine_stabilize.py and SSL verification enabled for AI model downloads.

Full changelog

v1.3.1 — Security Fixes, Bug Fixes, Landing Page Redesign

Security

  • Command injection fix — vectors file path validated as absolute in engine_stabilize.py
  • SSL certificate verification enabled for AI model downloads in ai_engine/upscale.py
  • Path redaction in error messages — no more full filesystem paths leaked
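
The absolute-path check named in the first item, as an added example that is not code from mcp-video. It assumes the vectors file path ends up inside an ffmpeg `vidstabtransform=input=...` filter argument (the page does not show `engine_stabilize.py`); all function names are hypothetical, and rejecting filtergraph metacharacters goes beyond what the changelog describes.

```python
import posixpath

# Characters with special meaning in an ffmpeg filtergraph description
# (option/filter/chain separators, link labels, quoting and escaping).
FILTERGRAPH_SPECIALS = set(":,;[]'\\=")


class UnsafeVectorsPath(ValueError):
    """Raised when a vectors file path must not reach the ffmpeg command line."""


def validate_vectors_path(path: str) -> str:
    """Return a normalized absolute POSIX path or raise UnsafeVectorsPath."""
    if not isinstance(path, str) or not path:
        raise UnsafeVectorsPath("empty path")
    if any(ord(c) < 0x20 for c in path):
        raise UnsafeVectorsPath("control character in path")
    # The check the changelog names: relative paths are rejected.
    if not posixpath.isabs(path):
        raise UnsafeVectorsPath("path is not absolute")
    # Added hardening (assumption): refuse characters that would let the
    # value end the option and start another filter option or filter.
    bad = FILTERGRAPH_SPECIALS.intersection(path)
    if bad:
        raise UnsafeVectorsPath(f"filtergraph metacharacters: {sorted(bad)}")
    return posixpath.normpath(path)


def is_accepted(path: str) -> bool:
    """Convenience wrapper: True if the path passes validation."""
    try:
        validate_vectors_path(path)
        return True
    except UnsafeVectorsPath:
        return False


def build_stabilize_argv(src: str, vectors: str, dst: str) -> list[str]:
    """Build an argv list (never a shell string) for the transform pass.

    src and dst are assumed to have been validated by the caller.
    """
    safe = validate_vectors_path(vectors)
    return ["ffmpeg", "-i", src, "-vf", f"vidstabtransform=input={safe}", "-y", dst]
```

Passing the result as a list to `subprocess.run` keeps the shell out of the picture; the validation covers the separate layer where ffmpeg itself parses the filter string.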

Fixed

  • Proper AI operation timeout (3600s) for demucs/whisper — no more premature kills on long videos
  • FFmpeg stderr buffer increased from 1MB → 10MB — fixes truncated progress on long-running ops
  • Temp file leak fixed in typewriter text effect
  • Pitch shift semitones range validation (-48 to +48)
  • Pixel count cap in color extraction (50K max) — prevents memory exhaustion
  • Whisper temp WAV file cleanup with try-finally
  • Bitrate/size range validation in probe
  • 1MB JSON size limit in CLI argument parser
  • Thread-safe probe cache with threading.Lock
  • Centralized all timeout constants in limits.py

Changed

  • Tool count standardized to 87 MCP tools across all docs and metadata
  • Duplicate Hyperframes section removed from README
  • video_cleanup tool documented in TOOLS.md
  • Shipped v1.3.0 features marked complete in ROADMAP.md
  • Landing page redesigned: Space Grotesk + DM Sans, orange/teal palette, fixed mobile menu, accessibility improvements

Install

uv pip install mcp-video==1.3.1
# or
pip install mcp-video==1.3.1

Full Changelog: https://github.com/KyaniteLabs/mcp-video/compare/v1.3.0...v1.3.1

Security Fixes

  • CVE‑2024‑XXXXX — Command injection fix in engine_stabilize.py by validating file path as absolute
  • SSL certificate verification enabled for AI model downloads in ai_engine/upscale.py

About pastorsimon1798/mcp-video

Video editing MCP server with 26 tools for trimming, merging, text overlays, audio sync, filters, color grading, audio normalization, picture-in-picture, split-screen, batch processing, format conversion, subtitles, watermarks, and more. 380 tests, CI on Python 3.11+3.12, progress callbacks, works with Claude Code, Cursor, and any MCP client.
