This release includes 3 security fixes for security teams reviewing exposed deployments.
Affected surfaces
Summary
AI summary: Symlink escape closed, trash realpath check added, and `NoteMetadata` absolute host path removed to prevent information disclosure.
Full changelog
Security & hardening
- Symlink escape closed in the `note` MCP resource (previously used an unchecked sync resolver)
- Trash realpath check in `deleteNote` — prevents a symlinked `.trash` from escaping the vault
- Absolute host path removed from `NoteMetadata` (info disclosure)
- `realVaultCache` dropped — eliminates staleness when the library API is re-used with different vault paths
- Timing-safe Bearer compare via `crypto.timingSafeEqual`
- Async daily-notes config read (was sync `fs` inside async handlers)
- Clearer `withFileLock` error chaining — prior rejections no longer masquerade as success
- Canvas `color` validation (`'1'`-`'6'` or hex regex)
- Dead double-cap removed in `searchNotes`
All 122 tests pass; tsc clean.
Breaking Changes
- Absolute host path removed from `NoteMetadata`
Security Fixes
- Symlink escape closed in the `note` MCP resource
- Trash realpath check added in `deleteNote` to prevent escaping the vault
- Timing-safe Bearer token comparison via `crypto.timingSafeEqual` implemented
About rps321321/obsidian-mcp-pro
Feature-complete Obsidian vault MCP server with 23 tools and 3 resources. Full-text search, note CRUD, frontmatter queries, tag management, backlinks, graph traversal (BFS up to 5 hops), orphan/broken link detection, and canvas support. Auto-detects vault, path traversal protection, MIT licensed.