This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
Affected surfaces
ReleasePort's take
Moderate signalv3.0.2 blocks IPv4‑mapped IPv6 loopback bypasses in the SSRF guard, addressing GHSA-pvrj-8cg3-j5f8.
Why it matters: CVE severity 90; patch immediately if your environment uses the SSRF guard to prevent bypass attacks.
Summary
AI summaryGHSA-pvrj-8cg3-j5f8: SSRF guard now blocks IPv4-mapped IPv6 loopback bypass.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical |
Blocks IPv4‑mapped IPv6 loopback bypass in SSRF guard (GHSA-pvrj-8cg3-j5f8) Blocks IPv4‑mapped IPv6 loopback bypass in SSRF guard (GHSA-pvrj-8cg3-j5f8) Source: llm_adapter@2026-05-27 Confidence: high |
— |
| Dependency | Low |
Bumps qs dependency from 6.15.0 to 6.15.2 Bumps qs dependency from 6.15.0 to 6.15.2 Source: llm_adapter@2026-05-27 Confidence: high |
— |
Full changelog
What's Changed
- fix: block IPv4-mapped IPv6 loopback bypass in SSRF guard (GHSA-pvrj-8cg3-j5f8) by @ymw0407 in https://github.com/ymw0407/auth-fetch-mcp/pull/9
- chore(deps): Bump qs from 6.15.0 to 6.15.2 by @dependabot[bot] in https://github.com/ymw0407/auth-fetch-mcp/pull/8
- 3.0.2 by @ymw0407 in https://github.com/ymw0407/auth-fetch-mcp/pull/10
New Contributors
- @ymw0407 made their first contribution in https://github.com/ymw0407/auth-fetch-mcp/pull/9
Full Changelog: https://github.com/ymw0407/auth-fetch-mcp/compare/v3.0.1...v3.0.2
Security Fixes
- GHSA-pvrj-8cg3-j5f8 — SSRF guard blocks IPv4-mapped IPv6 loopback bypass
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About ymw0407/auth-fetch-mcp
Fetch content from login-protected web pages (Notion, Google Docs, Jira, Confluence, etc.) by opening a real browser for authentication with persistent session caching.
Related context
Beta — feedback welcome: [email protected]