
v0.2.2 — security hardening (CSO audit fixes)


Released by github-actions on 05 Apr 06:53

Security fixes

Findings from a full CSO audit, all resolved:

  • Health-check command allowlist (HIGH) — spawn() in health checks now validates the command against an allowlist (npx, uvx, docker, node, python) before execution. Prevents RCE if a config file was tampered with after install.

  • MCP tool input constraints (MEDIUM) — Added Zod bounds on all MCP server tool inputs: query max 200 chars, description max 1000 chars, limit max 100, minTrustScore range 0-100 on all schemas. Prevents oversized payloads and trust-gate bypass via negative values.

  • Client ID validation in MCP server (MEDIUM) — resolveClients now validates --client against CLIENT_IDS allowlist before the as ClientId cast, matching the pattern already used in CLI commands.

  • Doctor command allowlist (MEDIUM) — execCheckDefault now restricts which commands can be passed to which (or where on Windows).

  • Warning listener fix (MEDIUM) — Removed removeAllListeners("warning"), which was suppressing all Node.js warnings, including the security-relevant ones. Now uses an additive filter that drops only the cli-table3 noise.

  • Always validate server name (LOW) — handleInstall now validates the server name unconditionally, even when called from handleSetup with pre-resolved entries.
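
The first four findings share one pattern: data from outside the process (an installed config file, the --client flag, an MCP tool call) is checked against an explicit allowlist or bound before it is cast or executed. The TypeScript below is an added example of that pattern, not code from the @getmcpm/cli repository: one allowlist membership check that doubles as a type guard (used for health-check commands, for --client, and equally applicable to the doctor command's which/where check), a spawn() wrapper that starts only allowlisted binaries with shell: false, and plain-TypeScript equivalents of the Zod bounds so the block has no dependency. The five command names are the ones in the notes; the CLIENT_IDS values, the config shape, the function names and the defaults for limit and minTrustScore are assumptions.

```typescript
import { spawn, ChildProcess } from "node:child_process";

// Allowlists. The five health-check commands are the ones named in the release
// notes; the CLIENT_IDS values are hypothetical stand-ins for this example.
const HEALTH_CHECK_COMMANDS = ["npx", "uvx", "docker", "node", "python"] as const;
type HealthCheckCommand = (typeof HEALTH_CHECK_COMMANDS)[number];

const CLIENT_IDS = ["claude", "cursor"] as const;
type ClientId = (typeof CLIENT_IDS)[number];

// Membership check that also narrows the type: the only way to obtain a
// HealthCheckCommand or ClientId value is to pass the runtime check first.
function isOneOf<T extends string>(allowed: readonly T[], value: unknown): value is T {
  return typeof value === "string" && (allowed as readonly string[]).includes(value);
}

// --client comes from argv: validate, then use; never `as ClientId` up front.
export function resolveClient(flag: unknown): ClientId {
  if (!isOneOf(CLIENT_IDS, flag)) {
    throw new Error(`unknown --client ${JSON.stringify(flag)}; expected one of ${CLIENT_IDS.join(", ")}`);
  }
  return flag;
}

// Health-check entry as read back from an installed config file (shape assumed).
// Nothing in it is trusted: the file can be edited after install.
export interface HealthCheckConfig {
  command?: unknown;
  args?: unknown;
}

export function resolveHealthCheck(cfg: HealthCheckConfig): { command: HealthCheckCommand; args: string[] } {
  const command = cfg.command;
  if (!isOneOf(HEALTH_CHECK_COMMANDS, command)) {
    // Rejects "sh", "bash", "/usr/bin/node" and anything that is not literally
    // one of the five names; PATH lookup of the bare name happens inside spawn().
    throw new Error(`health check command not allowed: ${JSON.stringify(command)}`);
  }
  const rawArgs = cfg.args ?? [];
  if (!Array.isArray(rawArgs)) throw new Error("health check args must be an array");
  const args = rawArgs.map((a): string => {
    if (typeof a !== "string") throw new Error("health check args must be strings");
    return a;
  });
  return { command, args };
}

export function runHealthCheck(cfg: HealthCheckConfig): ChildProcess {
  const { command, args } = resolveHealthCheck(cfg);
  // shell: false keeps args as separate argv entries; no shell ever parses them.
  return spawn(command, args, { shell: false, stdio: "ignore" });
}

// MCP tool input bounds from the notes, written as plain checks so the example
// needs no Zod. A numeric range test rejects NaN and negative values alike.
export interface SearchInput {
  query: string;
  description?: string;
  limit: number;
  minTrustScore: number;
}

function boundedNumber(value: unknown, name: string, min: number, max: number, integer: boolean): number {
  if (typeof value !== "number" || !Number.isFinite(value) || value < min || value > max
      || (integer && !Number.isInteger(value))) {
    throw new Error(`${name} must be ${integer ? "an integer" : "a number"} in [${min}, ${max}]`);
  }
  return value;
}

function boundedString(value: unknown, name: string, max: number): string {
  if (typeof value !== "string" || value.length < 1 || value.length > max) {
    throw new Error(`${name} must be a string of 1 to ${max} characters`);
  }
  return value;
}

// Defaults for limit and minTrustScore are assumptions; the bounds are the notes'.
export function validateSearchInput(raw: unknown): SearchInput {
  if (typeof raw !== "object" || raw === null) throw new Error("tool input must be an object");
  const r = raw as Record<string, unknown>;
  return {
    query: boundedString(r.query, "query", 200),
    description: r.description === undefined ? undefined : boundedString(r.description, "description", 1000),
    limit: boundedNumber(r.limit ?? 20, "limit", 1, 100, true),
    minTrustScore: boundedNumber(r.minTrustScore ?? 0, "minTrustScore", 0, 100, false),
  };
}
```

One caveat the allowlist does not cover: it decides which binary starts, not what that binary is told to do. If the args in a tampered config are also attacker-controlled, `node -e` or `python -c` still executes arbitrary code, so the args need their own constraints (a fixed shape per command, or a check of their own) rather than the string-type check alone shown here.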

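For the warning listener finding, the example below (added here, not the project's code) shows why removeAllListeners("warning") was the wrong tool and one way to build the additive filter the notes describe. Node prints warnings from its own "warning" listener, so removing all listeners silences every warning, deprecation and experimental-feature notices included. Wrapping process.emitWarning instead drops only text that matches a known-noise pattern and hands everything else to Node untouched. The release notes do not say how the project's filter is implemented; the emitWarning wrapper, the NOISE_PATTERNS regex and the function names are assumptions.

```typescript
// Before (what the notes removed): process.removeAllListeners("warning").
// Node registers its own "warning" listener to print to stderr, so this
// silences every warning the runtime emits, not just the cli-table3 one.

type EmitWarning = typeof process.emitWarning;

// Pattern for the noise to drop. The notes name only the package; the regex is
// an assumption for this example.
const NOISE_PATTERNS: RegExp[] = [/cli-table3/i];

function warningText(warning: string | Error): string {
  return typeof warning === "string" ? warning : `${warning.name}: ${warning.message}`;
}

export function isNoise(warning: string | Error, patterns: RegExp[] = NOISE_PATTERNS): boolean {
  const text = warningText(warning);
  return patterns.some((p) => p.test(text));
}

// Returns an emitWarning that forwards everything to `original` except the
// listed noise. Nothing is removed from process; Node's own listener stays.
export function makeFilteredEmitWarning(original: EmitWarning, patterns: RegExp[] = NOISE_PATTERNS): EmitWarning {
  const forward = original as unknown as (...args: unknown[]) => void;
  const filtered = function (this: unknown, warning: string | Error, ...rest: unknown[]): void {
    if (isNoise(warning, patterns)) return;       // drop only the known noise
    forward.apply(process, [warning, ...rest]);   // DeprecationWarning etc. pass through
  };
  return filtered as unknown as EmitWarning;
}

// Install at CLI startup. The returned function restores the original, which
// keeps the change reversible in tests.
export function installWarningFilter(patterns: RegExp[] = NOISE_PATTERNS): () => void {
  const original = process.emitWarning;
  process.emitWarning = makeFilteredEmitWarning(original, patterns);
  return () => { process.emitWarning = original; };
}
```

Because the wrapper sits in front of emitWarning rather than behind the "warning" event, a warning that is not noise reaches both Node's default printer and any listener the user has added, exactly as if the filter were not there.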
Install / upgrade

npm install -g @getmcpm/cli@0.2.2

Full changelog: v0.2.1...v0.2.2