rps321321/obsidian-mcp-pro

v1.6.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE

Summary

AI summary

move_note now updates references across the vault by default, with a new opt‑out flag and detailed rewrite reporting.

Full changelog

Vault-wide link rewriting on move_note was filed in #3 and implemented in #4, with additional hardening contributed by @brentkearney during review.

Changed

  • move_note now updates references across the vault by default, matching Obsidian's "Automatically update internal links" behavior. Wikilinks ([[old]], ![[old]], with aliases and #heading / #^block-id fragments preserved), markdown links ([text](old.md) and the extension-less form), and canvas nodes[].file fields all follow the move. The link form is preserved when possible — a bare [[idea]] stays bare when the basename remains unambiguous post-move, and falls back to the path form ([[archive/idea]]) when it doesn't. Pass updateLinks: false to skip the rewrite scan (faster on huge vaults, or when the caller is doing its own bookkeeping). Addresses the move_note half of #3; delete_note reference handling is tracked in #7.

Added

  • MoveNoteOptions and MoveNoteResult exported from lib/vault.ts. The result reports per-file counts of rewritten and failed referrers so callers can surface partial-failure cases. The rename itself stays committed if the rewrite phase encounters a per-file failure — failures are surfaced rather than rolled back.
  • lib/link-rewriter.ts (planMoveRewrites, applyRewrites): pure planner + applier split for testability. Reuses the existing Obsidian-faithful resolveWikilink so a link is only rewritten when it actually pointed at the moved file pre-move (handles basename collisions and proximity tie-breaking correctly).
  • lib/markdown.ts: extractWikilinkSpans, extractMarkdownLinkSpans (offset-preserving variants of extractWikilinks for in-place rewriting), and formatWikilinkTarget (form-preserving target picker).
  • lib/errors.ts: escapeControlChars for sanitizing caller-controllable strings before they reach tool output. Also applied internally by sanitizeError, so every existing call site gets the same protection against control-char injection (e.g. attacker-controlled filenames containing \n smuggling text into LLM context).

Security

  • TOCTOU correctness in move_note reference rewriting: applyEditsBackToFront now verifies each edit's expected pre-edit content before splicing. A parallel write_note between plan and apply is surfaced in failedReferrers rather than corrupting referrer files silently.
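
The verify-before-splice check described above, as an added sketch that is not the project's own code: `Edit`, `ApplyResult`, `applyVerifiedEdits` and `planEdit` are hypothetical names, and the sample note text is constructed. A caller would record an `ok: false` result as a failed referrer instead of writing the file.

```typescript
// Added illustration; every name and shape here is hypothetical, not the project's API.
interface Edit {
  start: number;       // offset of the link span in the text the planner read
  end: number;         // exclusive end offset
  expected: string;    // exact text the planner saw at [start, end)
  replacement: string; // rewritten link text
}
interface ApplyResult {
  ok: boolean;
  content: string; // rewritten text, or the untouched input on failure
  reason?: string;
}

// Verify every span against the text as it is now, then splice from the
// highest offset down so the lower offsets stay valid. Any mismatch rejects
// the whole file: a half-applied plan is worse than a reported failure.
function applyVerifiedEdits(current: string, edits: Edit[]): ApplyResult {
  const ordered = edits.slice().sort((a, b) => b.start - a.start);
  let upperBound = current.length;
  for (const e of ordered) {
    if (e.start < 0 || e.end < e.start || e.end > upperBound) {
      return { ok: false, content: current, reason: `edit at ${e.start} is out of range or overlaps` };
    }
    if (current.slice(e.start, e.end) !== e.expected) {
      return { ok: false, content: current, reason: `content changed at offset ${e.start}` };
    }
    upperBound = e.start;
  }
  let out = current;
  for (const e of ordered) {
    out = out.slice(0, e.start) + e.replacement + out.slice(e.end);
  }
  return { ok: true, content: out };
}

// Constructed sample: plan against one read of the file, apply to a later read.
function planEdit(snapshot: string, oldLink: string, newLink: string): Edit {
  const start = snapshot.indexOf(oldLink);
  return { start, end: start + oldLink.length, expected: oldLink, replacement: newLink };
}
const snapshot = "See [[idea]] and ![[idea#Intro|pic]].";
const plan = [
  planEdit(snapshot, "[[idea]]", "[[archive/idea]]"),
  planEdit(snapshot, "![[idea#Intro|pic]]", "![[archive/idea#Intro|pic]]"),
];
const unchanged = applyVerifiedEdits(snapshot, plan);
// A concurrent writer prepended a line between plan and apply, shifting every offset.
const raced = applyVerifiedEdits("TODO\n" + snapshot, plan);
```

Without the `expected` comparison, the raced case would splice the replacements into unrelated text at the stale offsets.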

Fixed

  • Inline-code detection in the link extractor handles N-backtick spans (not just single-backtick) and 4-space / tab indented code blocks per CommonMark, so wikilinks inside code samples are no longer rewritten when their containing notes are moved.

Install / upgrade:

npm install -g obsidian-mcp-pro@1.6.0
# or pin in your MCP client config
npx -y obsidian-mcp-pro@1.6.0

Full changelog: CHANGELOG.md

Security Fixes

  • TOCTOU protection added to `move_note` reference rewriting; edits now verify pre‑edit content before applying, surfacing concurrent write failures instead of silent corruption

About rps321321/obsidian-mcp-pro

Feature-complete Obsidian vault MCP server with 23 tools and 3 resources. Full-text search, note CRUD, frontmatter queries, tag management, backlinks, graph traversal (BFS up to 5 hops), orphan/broken link detection, and canvas support. Auto-detects vault, path traversal protection, MIT licensed.
