
rps321321/obsidian-mcp-pro

v2.0.0 Security

This release includes 7 security fixes for security teams reviewing exposed deployments.


Affected surfaces: auth, rce_ssrf, deps

Summary (AI-generated)

Renamed get_tags to list_tags, added mandatory confirmation for permanent deletes, and restricted CORS defaults.

Full changelog

Full-codebase security and correctness audit: 75+ fixes across 42 files, verified against current library documentation.

Breaking Changes

  • get_tags renamed to list_tags for consistency with other listing tools
  • delete_note requires confirm: true for permanent deletes
  • CORS defaults to localhost-only (was *); configure allowedOrigins for remote clients
  • cosineSimilarity throws on dimension mismatch instead of returning 0
  • listNotes throws for non-existent folders instead of returning []

Highlights

Security (20 fixes)

  • SSRF prevention on embedding URLs (scheme + host validation)
  • Symlink escape prevention in vault traversal
  • Blocked dangerous file extensions (.exe, .bat, .ps1, etc.)
  • SVG XSS mitigation (served as text/plain)
  • javascript:/data:/vbscript: URI blocking in canvas links
  • Security headers on all HTTP responses
  • Auth failure logging, session ID validation, file permission hardening
  • Input validation bounds on all Zod schemas across every tool

Correctness (17 fixes)

  • Bases not: filter logic, loadStore race condition, saveStore concurrency
  • Block ID matching, row.links population, frontmatter preservation
  • Canvas self-loop/duplicate edge rejection, config validation
  • Link exact matching (no more prefix false positives)

Performance (9 fixes)

  • find_similar_notes reduced from O(n*m) to O(n) via centroid
  • Cache prune no longer evicts out-of-scope entries
  • Bases tool uses cached reads, vault stats optimized
  • Graph traversal capped at depth 3 with maxResults

Type Safety

  • noUncheckedIndexedAccess and noImplicitReturns enabled
  • ~94 indexed-access safety fixes across the codebase
  • ESLint typed linting with no-floating-promises and no-misused-promises
  • Node engine bumped to >=18.18.0

See CHANGELOG.md for the full list.
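The "symlink escape prevention in vault traversal" and "blocked dangerous file extensions" items above, shown as an added TypeScript example of how such a check can be structured; this is not the project's own code, and the helper names, the vault layout, and any extensions beyond .exe/.bat/.ps1 are assumptions.

```typescript
// Added example, not obsidian-mcp-pro code. Confines a requested note path to
// the vault root with symlinks followed, so a link inside the vault cannot
// reach files outside it, and refuses executable extensions.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Extensions named in the release plus a few assumed additions.
const BLOCKED_EXTENSIONS = new Set([".exe", ".bat", ".ps1", ".cmd", ".sh"]);

// lstat does not follow symlinks, so a dangling link still counts as present
// and is later rejected by realpathSync instead of being silently accepted.
function lexists(p: string): boolean {
  return fs.lstatSync(p, { throwIfNoEntry: false }) !== undefined;
}

// Returns the real absolute path of `requested` inside `vaultRoot`, or throws
// if it escapes the vault (via ".." or a symlink) or has a blocked extension.
export function resolveVaultPath(vaultRoot: string, requested: string): string {
  const root = fs.realpathSync(vaultRoot); // vault itself may sit behind a symlink
  if (path.isAbsolute(requested)) throw new Error("absolute paths not allowed");
  const candidate = path.resolve(root, requested);
  // Walk up to the deepest existing ancestor so notes that do not exist yet
  // are still checked against the real location of their parent directory.
  let existing = candidate;
  const rest: string[] = [];
  while (!lexists(existing)) {
    rest.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  const real = path.join(fs.realpathSync(existing), ...rest);
  if (real !== root && !real.startsWith(root + path.sep)) {
    throw new Error(`path escapes vault: ${requested}`);
  }
  if (BLOCKED_EXTENSIONS.has(path.extname(real).toLowerCase())) {
    throw new Error(`blocked file extension: ${path.extname(real)}`);
  }
  return real;
}

// Constructed fixture: a vault with one note and a symlink to a directory
// outside the vault, used to exercise the escape check.
export function buildFixture(): { vault: string; outside: string } {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "vault-demo-"));
  const vault = path.join(base, "vault");
  const outside = path.join(base, "outside");
  fs.mkdirSync(path.join(vault, "notes"), { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(vault, "notes", "todo.md"), "# todo\n");
  fs.writeFileSync(path.join(outside, "secret.md"), "secret\n");
  fs.symlinkSync(outside, path.join(vault, "linked"));
  return { vault, outside };
}
```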


About rps321321/obsidian-mcp-pro

Feature-complete Obsidian vault MCP server with 23 tools and 3 resources. Full-text search, note CRUD, frontmatter queries, tag management, backlinks, graph traversal (BFS up to 5 hops), orphan/broken link detection, and canvas support. Auto-detects vault, path traversal protection, MIT licensed.
