v1.0.4

@tumf tumf released this 16 Jun 23:06
· 12 commits to main since this release

Security release for MCP Shell Server.

Security

  • Replaced shell-string subprocess execution with argv-based create_subprocess_exec() for normal commands and pipelines.
  • Hardened ALLOW_PATTERNS to use full command-name matching and reject unsafe shell metacharacter forms.
  • Rejected default exec-capable bypass vectors including shells/interpreters, env, xargs, find -exec, awk system(), tar --checkpoint-action=exec, and git external aliases.
  • Enforced redirection containment under the validated working directory before file open side effects.
  • Isolated child process environments from parent secrets unless variables are explicitly allowlisted.
  • Added default/max timeout handling, output byte caps, and structured redacted audit logging.
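
An added sketch, not code from MCP Shell Server, of three of the changes listed above: argv-based execution through create_subprocess_exec(), full command-name matching, and an allowlisted child environment with a timeout. The pattern values, ENV_ALLOWLIST, SHELL_META and the functions validate, child_env and run are assumptions made for this example.

```python
import asyncio
import os
import re
import shlex

# Assumed sample policy for this sketch; not the project's defaults.
ALLOW_PATTERNS = [r"echo", r"ls", r"git"]
ENV_ALLOWLIST = {"PATH", "LANG"}
SHELL_META = set(";&|<>`$(){}\n\\")


def validate(command):
    """Split into argv and check the command name; raise ValueError if refused."""
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    name = argv[0]
    if "/" in name or SHELL_META & set(name):
        raise ValueError(f"unsafe command name: {name!r}")
    # fullmatch: the pattern 'git' must not admit 'git-shell' as re.match would.
    if not any(re.fullmatch(p, name) for p in ALLOW_PATTERNS):
        raise ValueError(f"command not allowed: {name!r}")
    return argv


def child_env(parent):
    """Copy only allowlisted variables so parent secrets never reach the child."""
    return {k: v for k, v in parent.items() if k in ENV_ALLOWLIST}


async def run(command, timeout=5.0):
    """Validate, then exec the argv directly and return (exit code, output)."""
    argv = validate(command)
    # No shell parses argv, so ';' or '$(...)' inside an argument stays literal.
    proc = await asyncio.create_subprocess_exec(
        *argv,
        stdout=asyncio.subprocess.PIPE,
        stderr=asyncio.subprocess.STDOUT,
        env=child_env(dict(os.environ)),
    )
    try:
        out, _ = await asyncio.wait_for(proc.communicate(), timeout)
    except asyncio.TimeoutError:
        proc.kill()  # enforce the timeout instead of leaving the child running
        await proc.wait()
        raise
    return proc.returncode, out.decode(errors="replace")


if __name__ == "__main__":
    print(asyncio.run(run("echo 'hello; id'")))
```

With a shell-string call the quoted `; id` would depend on shell parsing; here it reaches echo as one literal argument.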

PyPI: mcp-shell-server==1.0.4