This release includes 1 breaking change for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
+10 more
Affected surfaces
Summary
AI summaryCORS wildcard removed and configurable via REMEMBRA_CORS_ORIGINS
Full changelog
🔒 Security & QA Fixes
Fixed
- CORS Configuration — Removed wildcard
allow_origins=["*"], now configurable viaREMEMBRA_CORS_ORIGINS - PATCH /memories/{id} — Full implementation (was returning 501)
- Batch Operations —
/store/batchand/recall/batchnow functional - SSE Streaming —
/ingest/streamfor conversation ingestion - OpenTelemetry — Tracing module fully implemented
- Production CORS — Added
app.remembra.devandremembra.devto allowed origins - Stripe Env Vars — Accept both prefixed and non-prefixed Stripe environment variables
Changed
- Stub endpoints now return 503 Service Unavailable with helpful messages (was 501)
- Improved error messages throughout API
Documentation
- Added QA Remediation Results report
- Updated MCP Server documentation
- Added feature comparison chart
Install:
pip install remembra==0.7.1
# or
npm install [email protected]
Full Changelog: https://github.com/remembra-ai/remembra/compare/v0.7.0...v0.7.1
Breaking Changes
- Removed wildcard allow_origins=["*"]; CORS must now be configured via the REMEMBRA_CORS_ORIGINS environment variable.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About remembra-ai/remembra
Persistent memory layer for AI agents with entity resolution, PII detection, AES-256-GCM encryption at rest, and hybrid search. 100% on LoCoMo benchmark. Self-hosted.
Related context
Related tools
Beta — feedback welcome: [email protected]