Skip to content

v2.0.1

Latest

Choose a tag to compare

@solomonneas solomonneas released this 10 Jun 17:13

Security hardening release. Everything below was already on main but had not
shipped to npm; this release delivers it.

Security

  • Scoped TLS verification disable per request: when *_VERIFY_SSL=false, the
    relaxed TLS setting now applies only to that integration's requests via a
    dedicated undici dispatcher, instead of disabling certificate validation
    process-wide.
  • User-supplied IDs are now validated against strict allow-list patterns and
    URL-encoded before being interpolated into SOC API paths (Wazuh, TheHive,
    Cortex, MISP).
  • The three state-changing SOC tools (mitre_misp_create_event,
    mitre_thehive_create_case, mitre_cortex_run_analyzers) are now gated:
    they dry-run by default and execute only with per-call confirm: true or
    the MITRE_SOC_ALLOW_WRITES environment variable.
  • SOC API responses are parsed defensively by content type.

Changed

  • The MCP server version is derived from package.json instead of a
    hardcoded constant, so the version reported to clients can no longer drift.
  • CI now runs ./scripts/verify (typecheck, tests, build), and test failures
    fail the build. Previously CI skipped typecheck and ignored test failures.
  • The npm publish job skips re-publishing when the version already exists.
  • Refreshed npm dependencies.

Fixed

  • Stripped a stray MCP schema marker from tool registration.

Added

  • AGENTS.md repository guidance and the scripts/verify single
    verification entrypoint.
  • Content-guard pre-push hook to keep secrets and internal hosts out of
    the public repo.
  • Security regression tests (tests/soc-security.test.ts).
  • This changelog.

Docs

  • Refreshed README banner and badges; sanitized SOC integration host
    examples to *.example.internal placeholders.