This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
MCP Data & Storage
✓ No known CVEs patched
This release patches 1 known CVE
Topics
database
genai
llm
mcp
mcp-server
redis
Summary
AI summaryFixes Zip Slip vulnerability (CWE-22) in nltk, adds LREM support.
Full changelog
What's Changed
- ci(deps): bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/91
- Add LREM command support for removing list elements by value by @nishanthp in https://github.com/redis/mcp-redis/pull/38
- deps(deps-dev): update uv-build requirement from <0.10.0,>=0.8.3 to >=0.8.3,<0.11.0 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/93
- fix: upgrade nltk to 3.9.3 to fix Zip Slip vulnerability by @vchomakov in https://github.com/redis/mcp-redis/pull/96
- chore(deps): bump urllib3 from 2.5.0 to 2.6.3 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/97
- chore(deps): bump python-multipart from 0.0.20 to 0.0.22 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/98
- chore(deps): bump cryptography from 45.0.7 to 46.0.5 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/99
- chore(deps): bump mcp from 1.16.0 to 1.23.0 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/100
- chore(deps): bump azure-core from 1.36.0 to 1.38.0 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/101
- chore(deps): bump aiohttp from 3.13.2 to 3.13.3 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/102
- chore(deps): bump starlette from 0.48.0 to 0.49.1 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/103
- chore(deps): bump filelock from 3.20.0 to 3.20.3 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/104
- chore(deps): bump authlib from 1.6.5 to 1.6.6 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/105
- chore(deps): bump marshmallow from 4.0.1 to 4.1.2 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/106
- ci(deps): bump actions/attest-build-provenance from 3 to 4 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/108
- ci(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/107
- chore(deps): bump authlib from 1.6.6 to 1.6.7 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/109
- chore(deps-dev): bump black from 25.9.0 to 26.3.1 by @dependabot[bot] in https://github.com/redis/mcp-redis/pull/110
- fix: add REDIS_URL in gemini-extension as a setting by @shrutimantri in https://github.com/redis/mcp-redis/pull/94
- Add hybrid_search tool to Redis MCP server by @nishanthp in https://github.com/redis/mcp-redis/pull/95
New Contributors
- @nishanthp made their first contribution in https://github.com/redis/mcp-redis/pull/38
- @shrutimantri made their first contribution in https://github.com/redis/mcp-redis/pull/94
Full Changelog: https://github.com/redis/mcp-redis/compare/0.4.1...0.5.0
Security Fixes
- nltk upgraded to 3.9.3 fixing Zip Slip vulnerability (CWE-22)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About redis/mcp-redis
The official Redis MCP Server is a natural language interface designed for agentic applications to manage and search data in Redis efficiently
Related context
Beta — feedback welcome: [email protected]