v0.1.6
Security
This release fixes a path traversal vulnerability (CWE-22, CVSS 8.1 High) affecting all prior versions. Crafted filename or folder arguments to the vault tools could read, write, or delete files outside the configured vault root. Symlinks inside the vault pointing outside it were also followed.
Users of obsidian-mcp-rs should upgrade immediately.
See GHSA-qcqq-h5q6-69qq for the full advisory; a CVE ID will be assigned by MITRE shortly.
Reported by Luca King — thank you.
What's new
Security
- Path traversal in vault tools (CWE-22) — every path argument (
filename,folder,search_path) now goes through asafe_joinhelper that canonicalizes the deepest existing ancestor and rejects anything outside the canonicalized vault root. Absolute paths infilename/folderare rejected outright. Symlink escapes (a symlink inside the vault pointing outside it) are also blocked.
Added
install/uninstall/listsupport for 12 additional MCP clients:
Windsurf, VS Code (Copilot), Gemini CLI, Antigravity, Cline, Kiro,
LM Studio, Factory, Amp, opencode, Codex CLI, Goose- TOML and YAML config writers (Codex
config.toml, Gooseconfig.yaml)
Changed
logssubcommand now colorizes output (ERROR red, WARN yellow, DEBUG/TRACE dim)
Upgrade
# npm / npx users
npx -y obsidian-mcp-rs@0.1.6 --version
# cargo users
cargo install obsidian-mcp-rs --version 0.1.6 --forceFull Changelog: v0.1.5...v0.1.6