
Commit 2f5768e

1.7.1
1 parent f5a947e commit 2f5768e

5 files changed

Lines changed: 13 additions & 6 deletions

File tree

.mcp/server.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,12 @@
77
"url": "https://github.com/ihor-sokoliuk/mcp-searxng",
88
"source": "github"
99
},
10-
"version": "1.7.0",
10+
"version": "1.7.1",
1111
"packages": [
1212
{
1313
"registryType": "npm",
1414
"identifier": "mcp-searxng",
15-
"version": "1.7.0",
15+
"version": "1.7.1",
1616
"transport": {
1717
"type": "stdio"
1818
},
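
Review bot: The top-level "version" and the "version" under "packages" in .mcp/server.json are two separate hand-edited strings, and nothing visible in this commit ties them to each other or to the npm package version. Suggest generating both fields from package.json in the release step, or adding a CI check that fails when they differ, so the registry entry cannot point at a different package version than the one the changelog marks as carrying the security fixes.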

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,13 @@
33
All notable changes to mcp-searxng are documented here.
44
Versions follow [Semantic Versioning](https://semver.org/).
55

6+
## [1.7.1] - 2026-06-18
7+
8+
### Security
9+
10+
- **DNS-resolved private-address SSRF in `web_url_read` blocked (GHSA-mrvx-jmjw-vggc):** The URL reader previously validated only the literal hostname string, so a public-looking hostname that DNS-resolves to a private, loopback, or link-local address (for example a domain pointing at `127.0.0.1`/`10.0.0.0/8` or a cloud metadata endpoint like `169.254.169.254`) bypassed the SSRF guard. Direct (no-proxy) reads now validate every resolved DNS answer before connecting and pin the connection to the validated address, closing the DNS-rebinding window. The `MCP_HTTP_ALLOW_PRIVATE_URLS=true` opt-out still applies. When a URL-reader proxy is configured the proxy performs DNS resolution, so those deployments must rely on egress/firewall controls (documented in `SECURITY.md`).
11+
- **Unbounded response-body read in `web_url_read` capped (GHSA-xcqx-9jf5-w339):** The page-size limit was advisory only — a server using chunked transfer encoding, a failing/absent HEAD response, or a body larger than its reported `Content-Length` could force the entire response into memory (denial of service). The body is now read through a bounded stream that enforces `URL_READ_MAX_CONTENT_LENGTH_BYTES` (default 5 MB) against the decompressed size and stops once the cap is exceeded, before any conversion or caching.
12+
613
## [1.7.0] - 2026-06-18
714

815
### Added
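
Review bot: In the first Security bullet, the limitation for proxy deployments is the closing sentence of a long paragraph ("When a URL-reader proxy is configured the proxy performs DNS resolution, so those deployments must rely on egress/firewall controls"), under a heading that says the SSRF is "blocked", so an operator who runs a URL-reader proxy can easily read this as fully fixed for them. Suggest moving that sentence into its own bullet or a clearly marked "not covered" line, with the `MCP_HTTP_ALLOW_PRIVATE_URLS=true` opt-out note kept beside it. Separately, this commit touches only the version and changelog files, so each entry would be easier to audit if it referenced the commit or PR that contains the fix alongside the GHSA id.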

package-lock.json

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "mcp-searxng",
3-
"version": "1.7.0",
3+
"version": "1.7.1",
44
"mcpName": "io.github.ihor-sokoliuk/mcp-searxng",
55
"description": "MCP server for SearXNG integration",
66
"license": "MIT",

src/version.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
export const packageVersion = "1.7.0";
1+
export const packageVersion = "1.7.1";
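
Review bot: `packageVersion` in src/version.ts is a hard-coded literal that duplicates "version" in package.json, so every release depends on someone remembering to edit both files. Suggest deriving the constant from package.json at build time, or adding a test that compares the two values, so the constant cannot drift from the published version on a security release like this one.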
