ThinkneoAI/mcp-server

v2.1.2 Security

This release includes 3 security fixes that security teams reviewing exposed deployments should note.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
This release patches 3 known CVEs

Topics

a2a-protocol agent-to-agent ai-governance enterprise finops guardrails mcp model-context-protocol

Affected surfaces

auth rbac

Summary

AI summary

Added 46 new tools across governance, marketplace, observability, ROI, validation, and trust score categories.

Full changelog

What's New

46 Tools across 11 categories

  • Governance (8): spend tracking, guardrails, policy, budget, alerts, compliance
  • Free Tier (4): safety check, usage stats, memory read/write
  • Smart Router (3): model routing, savings reports, savings simulator
  • Marketplace (5): search, get, publish, review, install
  • Trust Score (2): evaluate trust, public badge
  • A2A Bridge (4): MCP↔A2A translation, agent card generation
  • A2A Governance (4): interaction logging, policy, flow mapping, audit
  • Observability (5): traces, events, dashboards
  • Value/ROI (7): decisions, costs, impact, waste detection, baselines
  • Outcome Validation (4): claims, verification, proof, dashboard

Security Hardening

  • SSRF protection on marketplace endpoint validation
  • write_memory requires authentication
  • Ownership checks on marketplace publish
  • Connection pooling (psycopg_pool)
  • functools.wraps on free-tier wrapper
  • Dual auth system conflict resolved

Quality

  • All 46 tools have ToolAnnotations (readOnlyHint + idempotentHint)
  • All descriptions >120 characters
  • Enriched glama.json and server.json metadata
  • 94/94 E2E + security tests passing

Security Fixes

  • SSRF protection added to marketplace endpoint validation
  • `write_memory` operation now requires authentication
  • Ownership verification enforced for marketplace publish actions

About ThinkneoAI/mcp-server

ThinkNEO Control Plane — Enterprise AI governance MCP server with runtime guardrails, observability, AI FinOps, and agent lifecycle control.
