Skip to content

rps321321/obsidian-mcp-pro

v1.7.2 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Affected surfaces

auth rbac

Summary

AI summary

Fixed session-lifecycle bug in HTTP transport and DNS-rebinding host check for port 0.

Full changelog

Fixes a session-lifecycle bug in --transport=http where every reconnect, and every concurrent client past the first, returned HTTP 500 with "Already connected to a transport". Each initialize now constructs a fresh McpServer per session.

Reported by @j-menzies in #8.

Fixed

  • Per-session McpServer for the streamable HTTP transport. Reconnects and concurrent clients now work. The startup singleton and the configureLogger({ mcpServer }) wiring are gone in HTTP mode. Stdio transport is unaffected (one session per process).
  • DNS-rebinding allowedHosts now uses the actually-bound port. Callers passing port: 0 (tests, embedders) previously had :0 literally in the allowlist, so every real request 400'd with "Invalid Host header". The list is populated after listen() returns the OS-assigned port.
  • HTTP-mode log forwarding via notifications/message is removed; stderr remains the log source for HTTP operators. Stdio mode keeps log forwarding.

Tests

  • Two new regression tests in src/__tests__/http-server.test.ts driven through the SDK's StreamableHTTPClientTransport: a sequential reconnect (close A, then connect B) and two concurrent sessions on the same server. Previous suite never exercised a full handshake, which is why this slipped through.

Full changelog: CHANGELOG.md

Breaking Changes

  • Removed startup singleton and `configureLogger({ mcpServer })` wiring in HTTP mode.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track rps321321/obsidian-mcp-pro

Get notified when new releases ship.

Sign up free

About rps321321/obsidian-mcp-pro

Feature-complete Obsidian vault MCP server with 23 tools and 3 resources. Full-text search, note CRUD, frontmatter queries, tag management, backlinks, graph traversal (BFS up to 5 hops), orphan/broken link detection, and canvas support. Auto-detects vault, path traversal protection, MIT licensed.

All releases →

Related context

Beta — feedback welcome: [email protected]