Skip to content

Release history

n24q02m/better-notion-mcp releases

Markdown-first Notion MCP server with 9 composite tools and 39 actions. ~77% token reduction via tiered docs. Auto-pagination and bulk operations.

Back to tool Latest release

All releases

81 shown

No immediate action
v2.34.4 Maintenance

Routine maintenance and dependency updates.

Open
No immediate action
v2.34.3 Maintenance

Routine maintenance and dependency updates.

Open
Upgrade now
v2.34.2 Bug fix
Auth

Stable OAuth refresh_token

Open
No immediate action
v2.34.1 Bug fix

authScope ternary fix

Open
No immediate action
v2.34.0 Maintenance

Routine maintenance and dependency updates.

Open
v2.30.6 Security relevant
Security fixes
  • CVE-2026-XXXXX — mcp‑core fork‑bomb fix in version 1.11.5
Full changelog

v2.30.6 (2026-04-29)

Bug Fixes

  • Rebuild against mcp-core 1.11.5 fork-bomb fix (#620, b1bf88a)

Detailed Changes: v2.30.5...v2.30.6

View release on GitHub
v2.30.4 Bug fix

Fixed passing RELAY_SCHEMA as eagerRelaySchema for stdio mode.

Full changelog

v2.30.4 (2026-04-29)

Bug Fixes

  • Pass RELAY_SCHEMA as eagerRelaySchema for stdio mode + bump mcp-core to 1.11.3 (#616, fa2c547)

  • Pin @latest in plugin.json to bypass npx cache stale versions (#614, 1eef664)

  • Register config__open_relay tool (Transparent Bridge Wave 3) (#614, 1eef664)

Detailed Changes: v2.30.3...v2.30.4

View release on GitHub
v2.30.3 Bug fix

Fixed local relay testing by switching plugin.json to stdio proxy and registered config__open_relay tool.

Full changelog

v2.30.3 (2026-04-29)

Bug Fixes

  • Register config__open_relay tool (Transparent Bridge Wave 3) (#612, a948941)

  • Switch plugin.json to stdio proxy for local relay testing (#609, 9195dea)

  • deps: Bump @n24q02m/mcp-core to 1.10.0 — Transparent Bridge waves 1-3 (#609, 9195dea)

Detailed Changes: v2.30.2...v2.30.3

View release on GitHub
v2.30.2 Bug fix

Fixed documentation of MCP_MODE remote-oauth vs local-relay setup.

Full changelog

v2.30.2 (2026-04-28)

Bug Fixes

  • Document MCP_MODE remote-oauth vs local-relay in setup docs (#606, 6789f86)

  • deps: Bump @n24q02m/mcp-core to 1.10.0 — Transparent Bridge waves 1-3 (#608, 984dbdc)

Detailed Changes: v2.30.1...v2.30.2

View release on GitHub
v2.30.0 Maintenance
Notable features
  • Added ## E2E section to CLAUDE.md per Task 21 docs rollout
Full changelog

v2.30.0 (2026-04-27)

Bug Fixes

Chores

Features

  • Add ## E2E section to CLAUDE.md per Task 21 docs rollout (#597, 327bf30)

  • Add ## E2E section to CLAUDE.md per Task 21 docs rollout (#595, 4c88af1)

Detailed Changes: v2.29.2-beta.1...v2.30.0

View release on GitHub
v2.29.0 New feature
Notable features
  • Migrate stdio transport to 1‑Daemon architecture (runSmartStdioProxy)
Full changelog

v2.29.0 (2026-04-24)

Bug Fixes

  • Bump @n24q02m/mcp-core to ^1.7.0 for transport subpath export (#583, bc6a910)

  • Regenerate bun.lock after @n24q02m/mcp-core 1.7.5 bump (#589, 7e43296)

  • Regenerate bun.lock after @n24q02m/mcp-core 1.7.5 bump (#579, f0015a9)

  • Report per-JWT-sub has_token in remote-oauth config status (#589, 7e43296)

  • deps: Update non-major dependencies (#589, 7e43296)

  • deps: Update non-major dependencies (#579, f0015a9)

Chores

Features

  • Migrate stdio transport to 1-Daemon architecture (runSmartStdioProxy) (6093949)

Detailed Changes: v2.28.10...v2.29.0

View release on GitHub
v2.28.9 Bug fix

Fixed relay form follow redirect_url by bumping @n24q02m/mcp-core to 1.6.3.

Full changelog

v2.28.9 (2026-04-22)

Bug Fixes

  • Bump @n24q02m/mcp-core to 1.6.3 (relay form follow redirect_url) (#576, 816e4ae)

Detailed Changes: v2.28.8...v2.28.9

View release on GitHub
v2.28.7 Bug fix

Fixed onTokenReceived handler to return sub value.

Full changelog

v2.28.7 (2026-04-22)

Bug Fixes

  • Bump @n24q02m/mcp-core to 1.6.2 + return sub from onTokenReceived (#573, e017691)

Detailed Changes: v2.28.6...v2.28.7

View release on GitHub
v2.28.5 Maintenance

Minor fixes and improvements.

Full changelog

v2.28.5 (2026-04-21)

Bug Fixes

  • Bump actions/setup-node digest to 48b55a0 (070534a)

  • Bump oven/bun:1-alpine docker digest to 4de4753 (65684e9)

  • Bump step-security/harden-runner digest to 8d3c67d (8f11d19)

Detailed Changes: v2.28.4...v2.28.5

View release on GitHub
v2.28.4 Security relevant
Security fixes
  • Prevent command injection in tryOpenBrowser via URL safety validator
Full changelog

v2.28.4 (2026-04-21)

Bug Fixes

  • Persist token + notify relay safely in local-relay mode (1d5b2d9)

  • Prevent command injection in tryOpenBrowser via URL safety validator (a798afe)

  • Stdio fallback spawns local HTTP, never hits remote URL (df721e0)

  • deps: Bump mcp-core to 1.4.3 (41eb9c5)

  • deps: Lock file maintenance (eventsource-parser 3.0.7->3.0.8) (8a356d9)

  • deps: Update actions/upload-artifact digest to 043fb46 (4e4bee5)

  • deps: Update oven/bun:1-alpine docker digest to 26d8996 (4f44e18)

  • deps: Update step-security/harden-runner digest to 6c3c2f2 (04a5282)

Detailed Changes: v2.28.3...v2.28.4

View release on GitHub
v2.28.1 Bug fix

Restored http remote-oauth default mode to fix regression.

Full changelog

v2.28.1 (2026-04-20)

Bug Fixes

  • Restore http remote-oauth default mode (regression from #517) (#554, 55f1eaa)

Detailed Changes: v2.28.0...v2.28.1

View release on GitHub
v2.28.0 Bug fix

Fixed N+1 query issue in fetchChildrenRecursive and added caching for bot info.

Full changelog

v2.28.0 (2026-04-19)

Bug Fixes

  • Bump n24q02m-mcp-core to 1.4.0 (#551, 19a9644)

  • comments: Clarify external Notion API limitation in comments (#456, 8eee919)

  • deps: Update non-major dependencies (#543, 65fc722)

  • pagination: Resolve N+1 query issue in fetchChildrenRecursive (#531, 1a82f2b)

  • workspace: Add caching for bot info (#517, 0a18513)

  • workspace: Add caching for bot info and fix linting (#517, 0a18513)

Chores

  • deps: Lock file maintenance (#544, 9c3f3d6)

  • deps: Update actions/create-github-app-token digest to 1b10c78 (#545, bde222b)

Performance Improvements

  • Optimize tool name caching in registry (#505, 889b9e2)

  • errors: Optimize findClosestMatch by hoisting bigram calculations (#540, a742817)

Testing

  • Add robust tests for startServer in main.ts (#525, fc4140a)

Detailed Changes: v2.28.0-beta.1...v2.28.0

View release on GitHub
v2.27.6 Security relevant
Security fixes
  • CVE-2026-#### — authlib vulnerability patched by upgrading @n24q02m/mcp-core to 1.2.0
Full changelog

v2.27.6 (2026-04-17)

Bug Fixes

  • Bump @n24q02m/mcp-core to 1.2.0 (authlib CVE + auto-issue CD) (d9ba489)

Detailed Changes: v2.27.5...v2.27.6

View release on GitHub
v2.27.5 Bug fix

Fixed OAuth issuer bug by bumping @n24q02m/mcp-core to 1.1.1.

Full changelog

v2.27.5 (2026-04-17)

Bug Fixes

  • Bump @n24q02m/mcp-core to 1.1.1 for OAuth issuer fix (4656530)

  • Bump version to rebuild with mcp-core 1.1.1 (aacc455)

Detailed Changes: v2.27.4...v2.27.5

View release on GitHub
v2.27.4 Bug fix

Fixed container bind address override by allowing HOST env variable.

Full changelog

v2.27.4 (2026-04-17)

Bug Fixes

  • Allow HOST env override for container bind address (3b7f0eb)

  • Remove direct better-sqlite3 dep; add trustedDependencies for Bun script skip (43fcd3b)

  • Sync version files to match v2.27.4 tag for PSR compatibility (4ebafe2)

Chores

  • Ignore AI assistant traces (4207a2e)

Detailed Changes: v2.27.3...v2.27.4

View release on GitHub
v2.27.3 Bug fix

Fixed file builds by ensuring python3, make, and g++ are installed for better-sqlite3.

Full changelog

v2.27.3 (2026-04-13)

Bug Fixes

  • Install python3+make+g++ for better-sqlite3 source build (0f11f8e)

Detailed Changes: v2.27.2...v2.27.3

View release on GitHub
v2.27.2 Bug fix

Fixed better‑sqlite3 compatibility by pinning the Bun image to Alpine version 7ed9f74.

Full changelog

v2.27.2 (2026-04-13)

Bug Fixes

  • Pin Bun image to alpine 7ed9f74 for better-sqlite3 compat (3c38c6e)

Detailed Changes: v2.27.1...v2.27.2

View release on GitHub
v2.27.0 Breaking risk
Breaking changes
  • Removed dependency `mcp-relay-core` and replaced it with `@n24q02m/mcp-core` (commit a729e7d).
  • Changed default transport to HTTP; `--stdio` flag retained for backward compatibility (commit fb99551).
  • Relay URL now emitted in tool response instead of stderr (commit 36a6f56).
Notable features
  • Cross‑OS CI matrix added for Ubuntu, Windows, and macOS.
  • Setup tool introduced for credential management via relay.
Full changelog

v2.27.0 (2026-04-13)

Bug Fixes

  • Add tests for credential state (#459, 247af7f)

  • Add tests for isSafeUrl error path (#460, c7045a7)

  • Add tests for startServer in main (#474, d723dc5)

  • Bump @n24q02m/mcp-core to 1.0.0-beta.4 (2d37987)

  • Bump @n24q02m/mcp-core to ^1.0.0 stable (7197316)

  • Clarify security check comment in isSafeUrl (8fbd284)

  • Correct README tool count to 10 and add missing setup tool (081554e)

  • Delete .Jules directory (28bb83b)

  • Delete .jules_review_request.json (f6bebb8)

  • Enhance relay setup security and logging (#439, 2431716)

  • Enhance relay setup security and logging (final) (#439, 2431716)

  • Force LF line endings in .gitattributes to unblock Windows CI (3918aec)

  • Handle Notion API Object Not Found in comments.list (2e7f055)

  • Loop optimization in extractPlainText (301e220)

  • Make Notion token error message more actionable (ebc5e69)

  • Optimize parseTable with single-pass manual loop (778b8d0)

  • Pin @n24q02m/mcp-core to published 1.0.0-beta.3 instead of local editable path (7427a6e)

  • Potential path traversal in documentation reading (b31378d)

  • Sync local changes from workspace (c294f8c)

  • Update comment reference from mcp-relay-core to mcp-core (a43d630)

  • Update docker/build-push-action digest to bcafcac (402c9c6)

  • Update oven/bun:1-alpine docker digest to 26d8996 (160b857)

  • security: Update dependencies to fix npm audit vulnerabilities (17177d0)

Chores

Features

  • Add cross-OS CI matrix (ubuntu/windows/macos) (c998e40)

  • Add setup tool for credential management via relay (0606ce7)

  • Default to HTTP transport, --stdio for backward compat (fb99551)

  • Migrate from mcp-relay-core to mcp-core (a729e7d)

  • Migrate HTTP transport to mcp-core runLocalServer (83773a8)

  • Show relay URL in tool response instead of just stderr (36a6f56)

Performance Improvements

  • markdown: Optimize parseTable with single-pass manual loop (778b8d0)

  • pagination: Optimize block tree traversal and batch processing (#437, fdabd87)

  • pagination: Optimize block tree traversal and batch processing (Acknowledged PR closure) (#437, fdabd87)

Refactoring

  • Simplify parseRichText with InlineParser class (#436, 7e2aa79)

Testing

  • 🧪 [TEST] Missing test file for relay-schema.ts (#442, 70a5dc0)

  • 🧪 [TEST] Missing test file for relay-schema.ts (final acknowledgement) (#442, 70a5dc0)

Detailed Changes: v2.26.0...v2.27.0

View release on GitHub
v2.26.0 New feature
Notable features
  • Migrate code review from Qodo to CodeRabbit
Full changelog

v2.26.0 (2026-04-07)

Bug Fixes

  • Remove BETA markers and promote relay as primary setup method (c8814e9)

  • databases: Refactor queryDatabase complexity (#406, 8ff5171)

  • deps: Update dependency @n24q02m/mcp-relay-core to ^1.4.0 (#392, c8054d1)

Features

  • Migrate code review from Qodo to CodeRabbit (#415, 8485a3f)

Performance Improvements

  • markdown: Optimize table rendering loop (#395, 7fb64ba)

Refactoring

  • Abstract handleNotionError switch statement into NOTION_ERROR_MAP (#399, de5076a)

Testing

  • 🧪 [TEST] handle known Notion API bug in comments.list live test (#409, 21a5d55)

  • 🧪 [TEST] Missing edge case tests in normalizeId for non-hex strings (#398, e746e94)

  • 🧪 [TEST] Missing error path test in security.ts (relative URLs) (#407, 6c8d4d6)

  • 🧪 [TEST] Untested main module entrypoint mode selection (#404, 7e3ad39)

Detailed Changes: v2.25.0...v2.26.0

View release on GitHub
v2.25.0 New feature
Notable features
  • Non-blocking relay with state machine and lazy trigger
Full changelog

v2.25.0 (2026-04-06)

Bug Fixes

  • Mark relay as BETA, promote env vars as primary setup method (ef708cb)

Features

  • Non-blocking relay with state machine and lazy trigger (ca2d637)

Detailed Changes: v2.24.0...v2.25.0

View release on GitHub
v2.24.0 Bug fix
Notable features
  • Added agent/manual setup guides, simplified README and cleaned up repository root
Full changelog

v2.24.0 (2026-04-04)

Bug Fixes

  • Consolidated Jules PR review - security, perf, tests, deps (#391, e72af13)

  • Scope marketplace sync token to claude-plugins repo (6c8f518)

Features

  • Add agent/manual setup guides, simplify README, cleanup root (7e97edc)

Detailed Changes: v2.23.0...v2.24.0

View release on GitHub
v2.22.1 Maintenance

Minor fixes and improvements.

Full changelog

v2.22.1 (2026-03-31)

Bug Fixes

Chores

Continuous Integration

  • Fix Qodo vertex_ai config and VERTEXAI_LOCATION (50d5dd2)

  • cd: Add plugin marketplace sync on stable release (4721e14)

Performance Improvements

  • ⚡ Bolt: Optimize parseRichText to prevent O(N^2) lookaheads (#315, bc3290a)

Testing

  • Improve coverage to 96.31% statements (#319, c8268df)

Detailed Changes: v2.22.0...v2.22.1

View release on GitHub
v2.22.0 New feature
Notable features
  • Relay-first startup — always show relay URL
Full changelog

v2.22.0 (2026-03-28)

Bug Fixes

  • Bump @n24q02m/mcp-relay-core from ^0.1.0 to ^1.0.8 (1e16dc3)

  • Credential resolution order -- relay only when no local credentials (aa24bbb)

  • Pin Docker base images to SHA digests (120982e)

  • Pin pre-commit hooks to commit SHA (3742ebb)

  • Revert mcpServers to HTTP mode (OAuth, zero-config) (757a54d)

  • Send complete message to relay page after config saved (9d00cc2)

  • Use inline fetch for relay complete message (9d4f2b6)

  • 🛡️ Sentinel: Medium Fix expected validation failure in error serialization (#294, 244c958)

  • cd: Remove empty env blocks from OIDC migration (fae0500)

  • cd: Replace GH_PAT with GitHub App installation token (8977566)

  • cd: Use npm OIDC provenance instead of NPM_TOKEN (21eb8bf)

  • ci: Consolidate SMTP_USERNAME and NOTIFY_EMAIL into one secret (1d6237e)

  • ci: Consolidate SMTP_USERNAME+PASSWORD into SMTP_CREDENTIAL (e903ae0)

  • ci: Remove CODECOV_TOKEN, use tokenless upload (2f1a50d)

  • ci: Use Vertex AI WIF instead of GEMINI_API_KEY for code review (7bf27a4)

  • deps: Update non-major dependencies (#286, c7eaa6a)

Chores

  • deps: Lock file maintenance (#311, 1feb157)

  • deps: Lock file maintenance (#306, 07725d9)

  • deps: Update actions/create-github-app-token action to v3 (#308, a17f4de)

  • deps: Update codecov/codecov-action action to v6 (#304, c1644a7)

  • deps: Update google-github-actions/auth action to v3 (#309, 8ced7a8)

Code Style

  • Fix Biome formatting in plugin/extension JSON files (9a39b17)

Features

  • Relay-first startup — always show relay URL (f475031)

Detailed Changes: v2.21.0...v2.22.0

View release on GitHub
v2.21.0 Maintenance

Minor fixes and improvements.

Full changelog

v2.21.0 (2026-03-26)

Chores

  • Add server.json to PSR version_variables, sync version (3bd3f9a)

  • Clean up plugin manifest, fix mcpServers mode (06bc4e3)

Documentation

  • Fix marketplace references, improve Gemini CLI extension config (98d1128)

  • Standardize README structure (17d78a7)

Detailed Changes: v2.21.0-beta.1...v2.21.0

View release on GitHub
v2.20.0 Bug fix

Fixed Notion API response format handling in full tests.

Full changelog

v2.20.0 (2026-03-24)

Bug Fixes

  • Add gitleaks secret detection to pre-commit hooks (0c788ba)

  • Exclude live tests from default vitest run (ccd9273)

  • Fix Notion API response format handling in full tests (56d2347)

  • Improve full test resilience for Notion API responses (1bdd97b)

  • Resolve lint errors in full test files (09bac15)

Detailed Changes: v2.20.0-beta.2...v2.20.0

View release on GitHub
v2.19.2 Security relevant
Security fixes
  • Disable `x-powered-by` header (low‑severity hardening).
  • Strip sensitive fields from `error.details` to prevent information leakage.
Full changelog

v2.19.2 (2026-03-20)

Bug Fixes

  • Update AGENTS.md file structure, fix SECURITY.md (d09cfa1)

  • Update PRIVACY.md and remove .jules artifact (#278, 904eea5)

  • 🛡️ Sentinel: [Low] Disable x-powered-by header (#264, bc51950)

  • 🛡️ Sentinel: [Low] Strip sensitive fields from error.details (#276, 9927873)

Chores

  • deps: Lock file maintenance (#256, 363d966)

  • deps: Update codecov/codecov-action digest to 1af5884 (#259, 8f514fe)

  • deps: Update dawidd6/action-send-mail action to v16 (#261, 6820e90)

Performance Improvements

  • Optimize markdown multiline prefix generation (#257, 653ef13)

Detailed Changes: v2.19.1...v2.19.2

View release on GitHub
v2.19.1 Security relevant
Security fixes
  • trust proxy changed from true to numeric value 2
Full changelog

v2.19.1 (2026-03-17)

Bug Fixes

  • security: Set trust proxy to 2 instead of true (cec747b)

Detailed Changes: v2.19.0...v2.19.1

View release on GitHub
v2.19.0 Security relevant
Security fixes
  • Prevent protocol obfuscation bypass in isSafeUrl ([#230](https://github.com/n24q02m/better-notion-mcp/pull/230))
Notable features
  • Add Glama.ai badge to README
Full changelog

v2.19.0 (2026-03-17)

Bug Fixes

  • Add status property type conversion in convertToNotionProperties (#251, c7fba95)

  • Clear validation error when pages[] items missing properties wrapper (3fa2022)

  • Escape HTML in OAuth test callback to prevent reflected XSS (52456be)

  • Move pages[] validation before batch, add index, guard update_page (ec2bf8d)

  • Remove unused batchItems function (#237, 5748a99)

  • Render nested children in blocksToMarkdown (85d739b)

  • Replace console.log with console.info in http transport (#233, 44f63fa)

  • Strip explicit sensitive fields in enhanceError (#243, 8719e19)

  • Use NotionMCPError for token refresh failure (#232, 426aa50)

  • ci: Use pull_request_target for jobs requiring secrets (05020b8)

  • deps: Update non-major dependencies (#227, 2ff05bd)

  • security: Prevent protocol obfuscation bypass in isSafeUrl (#230, 1c01c6f)

Chores

  • Add glama.json for Glama directory listing (4a45e63)

  • Remove unused splitText function from richtext.ts (#241, 1f5b8de)

  • Standardize repo files across MCP server portfolio (f7fd74c)

  • deps: Update dawidd6/action-send-mail action to v15 (#254, 9afbaf0)

  • deps: Update oven-sh/setup-bun digest to 0c5077e (#253, 95efaba)

  • deps: Update step-security/harden-runner digest to fa2e9d6 (#255, 7617045)

Documentation

  • Add better-telegram-mcp to Also by section (4ff6f57)

  • Add image/file reading guidance for LLM consumers (c9ab321)

Features

  • Add Glama.ai badge to README (4ab470d)

Refactoring

  • Extract MarkdownParser class from markdownToBlocks function (#249, 79426a5)

Testing

  • properties: Add edge case tests for status property conversion (#251, c7fba95)

Detailed Changes: v2.18.0...v2.19.0

View release on GitHub
v2.17.0 Security relevant
Security fixes
  • Add protocol check in OAuth callback handler to reject unsafe URI protocols (javascript:, data:, vbscript:, file:) preventing XSS and open redirects
Notable features
  • Optimize string accumulation in rich text processing
Full changelog

v2.17.0 (2026-03-10)

Bug Fixes

  • [perf] optimize text extraction from rich text arrays (#204, 9955367)

  • Add .jules/ and JULES.md to gitignore (5f13ecd)

  • Block unsafe redirect URI protocols to prevent XSS\n\n- Add protocol check in OAuth callback handler to prevent Open Redirects and XSS vulnerabilities via javascript:, data:, vbscript:, and file: protocols.\n- Add unit test to verify that unsafe redirect URIs are properly rejected.\n- Document the learning in .jules/sentinel.md as per guidelines. (#203, 470af68)

  • Format .infisical.json and renovate.json for Biome compliance (6695742)

  • Optimize text extraction from rich text arrays (#204, 9955367)

  • Remove commit-message-check job (7797f9f)

  • Replace map/filter chains with single-pass loops (51a65c9)

  • Standardize CI with PR title check, email notify, and templates (10778e2)

  • Sync CI/CD configs and standardize templates (034dff2)

  • ci: Pin PSR v10, Python 3.13, Node 24, Java 21 in Renovate (01ad73e)

Chores

Code Style

  • Fix biome formatting for long assertion line (2d8c797)

Continuous Integration

Features

  • Optimize string accumulation in rich text processing (#204, 9955367)

Performance Improvements

  • Optimize text extraction from rich text arrays (#204, 9955367)

Testing

  • Increase coverage to 95%+ lines (6fe11d9)

Detailed Changes: v2.16.0...v2.17.0

View release on GitHub
v2.16.0 New feature
Security fixes
  • Add rate limiting to MCP endpoints — mitigates abuse vector by restricting request frequency.
Notable features
  • Icon format detection and cover shorthand support
Full changelog

v2.16.0 (2026-03-08)

Bug Fixes

  • Handle inline summary and nested toggles in markdown parser (#194, 88e6be2)

  • ci: Fix Qodo PR review for external contributors (fca5a36)

  • comments: Improve error messages for Notion API limitations (f147c0d)

  • security: Add rate limiting to MCP endpoints (47dbfe4)

Chores

  • Fix biome 2.4.6 schema version and formatting (#194, 88e6be2)

Features

  • Add icon format detection and cover shorthand support (#195, 491f9fe)

Detailed Changes: v2.15.3-beta.1...v2.16.0

View release on GitHub
v2.15.1 Bug fix

Fixed auth grace period fallback by using a one-shot pending bind.

Full changelog

v2.15.1 (2026-03-08)

Bug Fixes

  • auth: Replace grace period fallback with one-shot pending bind (1f274b7)

Detailed Changes: v2.15.0...v2.15.1

View release on GitHub
v2.13.1 Bug fix

Fixed callout emoji encoding and added recursive children fetch.

Full changelog

v2.13.1 (2026-03-07)

Bug Fixes

  • Correct callout emoji encoding and add recursive children fetch (d17abbe)

Detailed Changes: v2.13.0...v2.13.1

View release on GitHub
v2.12.6 Breaking risk
⚠ Upgrade required
  • Add Docker LABEL annotation before re‑adding the OCI package to server.json.
Breaking changes
  • Removed 'OCI' entry from server.json configuration file
Full changelog

v2.12.6 (2026-03-06)

Bug Fixes

  • Remove OCI package from server.json until Docker LABEL annotation added (8b931fd)

Detailed Changes: v2.12.5...v2.12.6

View release on GitHub
v2.12.5 Bug fix

Fixed OCI identifier handling to retain the latest version during MCP Registry publish.

Full changelog

v2.12.5 (2026-03-06)

Bug Fixes

  • Keep OCI identifier as latest in MCP Registry publish (8a70399)

Continuous Integration

  • Skip Qodo AI review for bot-created PRs (bde0e54)

Detailed Changes: v2.12.4...v2.12.5

View release on GitHub
v2.12.4 Bug fix

Fixed handling of OCI package version in MCP Registry publish.

Full changelog

v2.12.4 (2026-03-06)

Bug Fixes

  • Handle OCI package version in MCP Registry publish (180ce28)

Detailed Changes: v2.12.3...v2.12.4

View release on GitHub
v2.12.3 Maintenance

Minor fixes and improvements.

Full changelog

v2.12.3 (2026-03-06)

Bug Fixes

  • Update server.json version dynamically in MCP Registry publish job (6e7d0b2)

Detailed Changes: v2.12.2...v2.12.3

View release on GitHub
v2.12.2 Bug fix

Fixed MCP Registry ownership validation by adding the mcpName field.

Full changelog

v2.12.2 (2026-03-06)

Bug Fixes

  • Add mcpName field for MCP Registry ownership validation (ee2e5a7)

Detailed Changes: v2.12.1...v2.12.2

View release on GitHub
v2.12.1 Bug fix

Shorten server.json description to comply with MCP Registry 100‑char limit.

Full changelog

v2.12.1 (2026-03-06)

Bug Fixes

  • Shorten server.json description to comply with MCP Registry 100-char limit (2ae0220)

Documentation

  • Add compatible-with badges and cross-links to sibling MCP servers (e23917b)

  • Add MCP client keywords to package.json for npm discoverability (4fdeeb9)

  • Add server.json and MCP Registry publish step to CD workflow (479d220)

  • Update compatible-with badges - add Antigravity, Gemini CLI, Codex, OpenCode (24824d5)

Detailed Changes: v2.12.0...v2.12.1

View release on GitHub
v2.12.0 New feature
Notable features
  • Enhance Phase 5 live test with per-action validation
Full changelog

v2.12.0 (2026-03-06)

Bug Fixes

  • Update Codecov badge in README.md (3c7873a)

Chores

  • deps: Update dependency @biomejs/biome to ^2.4.6 (#179, 43bde59)

Code Style

  • Fix biome formatting in live test script (6840ac1)

Features

  • Enhance Phase 5 live test with per-action validation (74d3bd3)

Testing

  • Add Phase 5 live MCP protocol test (7ce2e00)

Detailed Changes: v2.11.0...v2.12.0

View release on GitHub
v2.11.0 Security relevant
Security fixes
  • **Feature**: Validate external URLs to prevent XSS attacks (no CVE ID provided)
Notable features
  • Validate external URLs to prevent XSS attacks
Full changelog

v2.11.0 (2026-03-03)

Bug Fixes

  • Delete .vscode directory (f9190e4)

  • Lint and format errors from biome 2.4.5 (8c900b5)

  • deps: Lock file maintenance (PR #145) (265057a)

  • deps: Pin dependencies (PR #141) (d1c725c)

  • deps: Update actions/checkout action to v6 (PR #166) (566ec89)

  • deps: Update bun.lock (ba6d394)

  • deps: Update github artifact actions (PR #143) (3a2a6e4)

  • deps: Update non-major dependencies (PR #142) (833fff6)

  • perf: Hoist regular expressions in markdown parsing (#171, e9ca999)

  • perf: Optimize database property extraction (#150, ba4b655)

  • perf: Optimize duplicatePage with parallel fetching (#156, 81ef18b)

  • perf: Optimize getPageProperty relation extraction (#152, 7bd6ed9)

  • perf: Optimize Notion property extraction loop overhead (#170, 945de49)

  • perf: Optimize page content replacement with streaming deletion (#161, bcadfe8)

  • perf: Optimize rich text helper functions (#146, b8b5202)

  • richtext: Truncate edge case for small lengths (#155, ee9a4fb)

  • security: Apply safe url check to markdown links (7a241a8)

  • types: Add strong typing to databases tool response (#157, 944ba57)

  • types: Refactor pages tool to use strict return types (#159, cb9780f)

  • windows: Replace bunx with bun x for cross-platform compatibility (61d6b96)

Features

  • security: Validate external URLs to prevent XSS attacks (#169, bf73482)

Testing

  • Add tests for contentConvert tool (#148, f672807)

  • Add tests for initServer startup logic (#158, 4350afe)

  • Improve testing for mixed-type arrays in properties helper (#149, b6fc9ad)

  • Prevent block update with mismatched content type (#154, a9060fe)

Detailed Changes: v2.10.1...v2.11.0

View release on GitHub
v2.10.1 Breaking risk
Breaking changes
  • Removed unsupported --production flag from bun install command in Docker container.
Full changelog

v2.10.1 (2026-02-28)

Bug Fixes

  • docker: Remove unsupported --production flag from bun install (4ce090e)

Detailed Changes: v2.10.0...v2.10.1

View release on GitHub
v2.10.0 Security relevant
Security fixes
  • CVE – Path traversal vulnerability fixed by updating Rollup to 4.59.0
Notable features
  • Migrate to Qodo Merge AI Review (Gemini 3 Flash) in CI
Full changelog

v2.10.0 (2026-02-28)

Bug Fixes

  • Update README badges with Codecov, tech stack, and engineering standards (3783415)

  • Update rollup to 4.59.0 to fix path traversal vulnerability (CVE) (3c831f5)

  • ci: Fix syntax errors and correctly configure Qodo + Gemini 3 Flash (bdaf2ee)

  • ci: Merge Qodo PR-agent config into main branch (7046d8f)

  • ci: Move pr-agent config to .pr_agent.toml (9e4bde8)

  • ci: Update to supported Gemini 3 and 2.5 flash models (2f503c3)

  • ci: Use bun run test for vitest and remove mise exec from pre-commit hooks (c088387)

Chores

  • Migrate to 2025-2026 tech stack (bun/biome) (fa48361)

Features

  • ci: Migrate to Qodo Merge AI Review (Gemini 3 Flash) (c20dd76)

Detailed Changes: v2.9.0...v2.10.0

View release on GitHub
v2.9.0 Security relevant
Security fixes
  • dep: Update @modelcontextprotocol/sdk fixes hono timing vulnerability
Notable features
  • Add Codecov coverage upload and CodeRabbit config
  • Add Renovate config for automated dependency updates
  • Add StepSecurity Harden-Runner to all workflow jobs (audit mode)
Full changelog

v2.9.0 (2026-02-26)

Bug Fixes

  • Consolidate security, performance, and code quality improvements (bd825ed)

  • Standardize repo structure with enforce-commit hook (616b94b)

  • deps: Update @modelcontextprotocol/sdk to fix hono timing vulnerability (fee2a1e)

  • file-uploads: Auto-retrieve content_type from upload session in send action (36a02c1)

  • security: Add allowlist validation for help tool_name to prevent path traversal (registry.ts) (bd825ed)

Chores

  • Add Gemini Code Assist style guide (8e3c461)

  • Change Renovate schedule to daily 5am (9101e65)

  • Remove CodeRabbit config, migrating to Gemini Code Assist (a3d5588)

  • config: Migrate config renovate.json (#139, 14e7591)

Features

  • Add Codecov coverage upload and CodeRabbit config (fbb88df)

  • ci: Add Renovate config for automated dependency updates (a333d05)

  • ci: Add StepSecurity Harden-Runner to all workflow jobs (audit mode) (e97e648)

Testing

  • Add unit tests for users and workspace tools (8be28fa)

Detailed Changes: v2.8.0...v2.9.0

View release on GitHub
v2.8.0 New feature
Notable features
  • Data encapsulation against indirect prompt injection (XPIA)
Full changelog

v2.8.0 (2026-02-25)

Bug Fixes

  • Add CI status badge to README (57847aa)

  • Remove limitations section from README (96c116c)

Features

  • Add data encapsulation against indirect prompt injection (XPIA) (c229386)

Detailed Changes: v2.7.0...v2.8.0

View release on GitHub
v2.7.0 Breaking risk
Breaking changes
  • Removed webhook support
Security fixes
  • dep: ajv upgraded to 8.18.0 — fixes ReDoS vulnerability
Notable features
  • Added file_uploads composite tool (create, send, complete, retrieve, list)
  • Enhanced overall API coverage
Full changelog

v2.7.0 (2026-02-20)

Bug Fixes

  • deps: Upgrade ajv to 8.18.0 for ReDoS security patch (#114, d3b551a)

  • deps: Upgrade ajv to 8.18.0 for ReDoS security patch (#76, 027f71c)

Chores

  • deps: Bump qs from 6.14.1 to 6.14.2 (f3213a3)

Documentation

  • Add AGENTS.md for AI coding agents (86342a2)

  • Add required annotations to quick start config (aa5508f)

  • Sync tool docs with code - add missing params and fix deprecated annotations (3fd8bda)

Features

  • Add file_uploads tool, fix live MCP bugs, enhance API coverage (#114, d3b551a)

  • Add file_uploads tool, fix live MCP bugs, remove webhooks (#114, d3b551a)

  • file-uploads: Add file_uploads composite tool (create, send, complete, retrieve, list) (#114, d3b551a)

Detailed Changes: v2.6.3...v2.7.0

View release on GitHub
v2.6.2 Bug fix
Security fixes
  • Sanitized parent in pages.duplicate to prevent injection or unintended hierarchy changes
Full changelog

v2.6.2 (2026-02-18)

Bug Fixes

  • Improve users and databases documentation (51984c2)

  • Sanitize parent in pages.duplicate and fix docs (af9499a)

Documentation

  • Add --name flag to Docker run example (fc03674)

  • Add MCP resources URIs to token optimization section (f9a90ff)

  • Restructure Quick Start with 4 config options (5c9a926)

  • Update docker-compose with notion token env var (867726c)

Detailed Changes: v2.6.1...v2.6.2

View release on GitHub
v2.6.1 Bug fix

Fixed schema-aware property conversion and improved error details.

Full changelog

v2.6.1 (2026-02-17)

Bug Fixes

  • Schema-aware property conversion and better error details (cf81f35)

Detailed Changes: v2.6.0...v2.6.1

View release on GitHub
v2.5.6 New feature
Notable features
  • Added `config_file` option for PSR integration in the cd command.
  • Enabled checkout of DockerHub description via the cd command.
Full changelog

v2.5.6 (2026-02-14)

Bug Fixes

  • cd: Add config_file for PSR + checkout for DockerHub description (b6dbc45)

Detailed Changes: v2.5.5...v2.5.6

View release on GitHub
v2.5.5 Breaking risk
Breaking changes
  • Removed the `build_command` key from PSR configuration as it is unavailable in the PSR container
Full changelog

v2.5.5 (2026-02-14)

Bug Fixes

  • cd: Remove build_command from PSR config (not available in PSR container) (450248a)

Detailed Changes: v2.5.4...v2.5.5

View release on GitHub
v2.5.3 Bug fix

Fixed automatic merge conflict resolution during promote workflow.

Full changelog

2.5.3 (2026-02-13)

Bug Fixes

  • cd: auto-resolve merge conflicts in promote workflow (5f0f832)

Documentation

View release on GitHub
v2.5.2 Bug fix

Fixed missing Git config identity during the sync-dev step.

Full changelog

2.5.2 (2026-02-12)

Bug Fixes

  • cd: add git config identity for sync-dev step (ca05438)
View release on GitHub
v2.5.1 Bug fix

Fixed formatting of the manifest file for biome.

Full changelog

2.5.1 (2026-02-09)

Bug Fixes

  • format manifest file for biome (d230282)
View release on GitHub
v2.5.0 Maintenance

Minor fixes and improvements.

Full changelog

2.5.0 (2026-02-09)

Features

  • promote dev to main (v2.4.1-beta) (#44) (a4b7d96)

Bug Fixes

  • release: reset manifest to stable version (60f67a1)
View release on GitHub
v2.4.0 Maintenance

Minor fixes and improvements.

Full changelog

2.4.0 (2026-02-08)

Features

  • promote dev to main - migrate to release-please (9bd8b39)
  • promote dev to main (v2.3.14-beta.1) (#23) (9292290)
  • promote dev to main (v2.4.0-beta.2) (#31) (76a845e)
View release on GitHub

Beta — feedback welcome: [email protected]