TKMD/ReftrixMCP

v0.1.4 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
This release patches 2 known CVEs

Topics

accessibility claude core-web-vitals design-analysis gdpr layout-analysis mcp mcp-server motion-detection ollama onnx-runtime pgvector playwright reftrix responsive-design semantic-search typescript vector-db wcag web-design

Affected surfaces

auth deps

Summary

AI summary

DOMPurify upgraded to 3.3.2 fixing XSS (CVE-2026-0540).

Full changelog

What's Changed

Fixed

  • CSS snippet data not saved in Worker path -- Added 5 CSS fields to section_patterns, distributing page-level CSS to sections
  • BullMQ obliterate removed -- Removed obliterate() to protect waiting/completed jobs
  • 5 code review findings -- Auth checks, queue management, polling interval, docs consistency

Security

  • CVE-2026-0540: DOMPurify 3.3.2 (XSS fix)
  • GHSA-qffp-2rhf-9h96: tar >=7.5.10 (hardlink path traversal)
  • 4 hono/node-server alerts resolved

Changed

Full Changelog: https://github.com/TKMD/ReftrixMCP/compare/v0.1.3...v0.1.4

Security Fixes

  • CVE-2026-0540 — DOMPurify upgraded to 3.3.2 fixing XSS
  • GHSA-qffp-2rhf-9h96 — tar dependency raised to >=7.5.10 preventing hardlink path traversal

About TKMD/ReftrixMCP

Web design analysis MCP server with 26 tools for layout extraction, motion detection, quality scoring, and semantic search. Uses Playwright, pgvector HNSW, and Ollama Vision to turn web pages into searchable, structured design knowledge.
