
Serene Bach

v4.0.0-beta.13 Security

This release includes 1 security fix of interest to security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

cgi-support markdown single-binary static-site-generator

Affected surfaces

auth

ReleasePort's take

Light signal
editorial:auto 12d

The Admin UI now includes pagination, search, and sorting across entries, pages, comments, tags, MCP tokens, and webhooks. Security hardening updates affect the MCP OAuth proxy startup and CSRF multipart parsing.

Why it matters: Enhanced admin controls improve operational efficiency; security patches mitigate pre‑auth risks in OAuth proxy and multipart parsing.

Summary

AI summary

Admin UI adds full pagination, search, and sort; SAST-001 hardens MCP OAuth proxy startup; SAST-002 caps CSRF multipart parsing pre‑auth.

Changes in this release

Security Medium

Hardened MCP OAuth proxy production startup to improve security.


Source: llm_adapter@2026-05-22

Confidence: low

Security Medium

Limited CSRF multipart parsing pre-auth to enhance security.


Source: llm_adapter@2026-05-22

Confidence: low

Feature Medium

Admin UI now supports list pagination, search, and sorting.


Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Admin entries page implements server-side pagination, search, and sorting.


Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Admin UI extends pagination/search/sort to pages and comments.


Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Admin UI adds sortable headers on tags, MCP tokens, and webhooks.


Source: llm_adapter@2026-05-22

Confidence: high

Full changelog

What's Changed

  • SAST-001: harden MCP OAuth proxy production startup by @takkyun in https://github.com/serendipitynz/serenebach/pull/97
  • SAST-002: cap CSRF multipart parsing pre-auth by @takkyun in https://github.com/serendipitynz/serenebach/pull/98
  • admin: foundation for list pagination/search/sort UX work by @takkyun in https://github.com/serendipitynz/serenebach/pull/99
  • admin/entries: server-side pagination, search, and sorting by @takkyun in https://github.com/serendipitynz/serenebach/pull/100
  • admin: roll out list pagination/search/sort to pages and comments by @takkyun in https://github.com/serendipitynz/serenebach/pull/101
  • admin: sortable headers on tags / MCP tokens / webhooks by @takkyun in https://github.com/serendipitynz/serenebach/pull/102

Full Changelog: https://github.com/serendipitynz/serenebach/compare/v4.0.0-beta.12...v4.0.0-beta.13

Security Fixes

  • SAST-002: cap CSRF multipart parsing pre‑auth to prevent abuse
