ThinkneoAI/mcp-server

v3.0.0 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 4 known CVEs

Topics

a2a-protocol agent-to-agent ai-governance enterprise finops guardrails

+2 more

mcp model-context-protocol

Summary

AI summary

Minor fixes and improvements.

Full changelog

Test Suite: 286 tests, 0 failures

| Category | Tests | Status |
|----------|-------|--------|
| Unit (59 tools) | 141 | All passing |
| Adversarial (injection + PII + hypothesis) | 78 + 24 xfail | Zero regressions |
| Security (SQLi, SSRF, path traversal, auth) | 52 | All passing |
| Regression (inventory, JSON validity) | 10 | All passing |
| Performance (P99 latency) | 5 | All passing |

Security

SAST: bandit 0 HIGH findings
THREAT_MODEL.md: STRIDE analysis published
AUDIT_REPORT.md: Full methodology and results
All SQL queries parameterized
SSRF protection on marketplace
Auth required on write_memory
Path traversal blocked on memory tools

What's New Since v2.1.2

Complete test suite (286 tests from zero)
THREAT_MODEL.md (STRIDE analysis)
AUDIT_REPORT.md (security audit)
.bandit.yaml (SAST config)
CI with real quality gates
Property-based fuzzing (hypothesis)

Security Fixes

All SQL queries parameterized
SSRF protection added on marketplace endpoint
Authentication now required for write_memory operation
Path traversal blocked on memory tools

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ThinkneoAI/mcp-server

Get notified when new releases ship.

About ThinkneoAI/mcp-server

ThinkNEO Control Plane — Enterprise AI governance MCP server with runtime guardrails, observability, AI FinOps, and agent lifecycle control.

All releases →