This release includes 2 security fixes for security teams reviewing exposed deployments.
Topics
+14 more
Affected surfaces
Summary
AI summaryAdded SSRF protection for create_drive_file and included missing OAuth 2.1 fields in the refresh token store.
Full changelog
What's Changed
- fix issues/443 by @taylorwilsdon in https://github.com/taylorwilsdon/google_workspace_mcp/pull/444
- fix: use getContent() instead of get() for Apps Script file retrieval by @Leandro3996 in https://github.com/taylorwilsdon/google_workspace_mcp/pull/442
- fix: cli mode google functions by @taylorwilsdon in https://github.com/taylorwilsdon/google_workspace_mcp/pull/450
- fix: prune logs & persist refresh by @taylorwilsdon in https://github.com/taylorwilsdon/google_workspace_mcp/pull/451
- Bump cryptography from 46.0.4 to 46.0.5 in the uv group across 1 directory by @dependabot[bot] in https://github.com/taylorwilsdon/google_workspace_mcp/pull/454
- fix: add SSRF protection to create_drive_file by @consciousfounders in https://github.com/taylorwilsdon/google_workspace_mcp/pull/453
- enh: add message id headers for proper threading in in non-gmail clients by @taylorwilsdon in https://github.com/taylorwilsdon/google_workspace_mcp/pull/458
- fix(auth): add cross-service Drive scopes for docs and sheets tools by @Milofax in https://github.com/taylorwilsdon/google_workspace_mcp/pull/432
- fix: Issues/440 by @taylorwilsdon in https://github.com/taylorwilsdon/google_workspace_mcp/pull/459
- Update GitHub Actions workflows: standardize action versions and add Docker publish workflow by @DrFaust92 in https://github.com/taylorwilsdon/google_workspace_mcp/pull/346
- fix: clean up bodyparams logic by @taylorwilsdon in https://github.com/taylorwilsdon/google_workspace_mcp/pull/467
- Potential fix for code scanning alert no. 51: Workflow does not contain permissions by @taylorwilsdon in https://github.com/taylorwilsdon/google_workspace_mcp/pull/463
- fix: add missing token_uri, client_id, client_secret to OAuth 2.1 refresh store_session by @NxFerrara in https://github.com/taylorwilsdon/google_workspace_mcp/pull/469
Huge thank you to all our new contributors! The pace of development has grown significantly and we're thrilled to have ya :D
New Contributors
- @Leandro3996 made their first contribution in https://github.com/taylorwilsdon/google_workspace_mcp/pull/442
- @consciousfounders made their first contribution in https://github.com/taylorwilsdon/google_workspace_mcp/pull/453
- @Milofax made their first contribution in https://github.com/taylorwilsdon/google_workspace_mcp/pull/432
- @DrFaust92 made their first contribution in https://github.com/taylorwilsdon/google_workspace_mcp/pull/346
- @NxFerrara made their first contribution in https://github.com/taylorwilsdon/google_workspace_mcp/pull/469
Full Changelog: https://github.com/taylorwilsdon/google_workspace_mcp/compare/v1.10.7...v1.11.1
Security Fixes
- Added SSRF protection to create_drive_file
- Added missing token_uri, client_id, and client_secret fields to OAuth 2.1 refresh store_session
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About taylorwilsdon/google_workspace_mcp
Comprehensive Google Workspace MCP server with full support for Google Calendar, Drive, Gmail, and Docs, Forms, Chats, Slides and Sheets over stdio, Streamable HTTP and SSE transports.
Related context
Beta — feedback welcome: [email protected]