Skip to content

Releases: xt765/mcp_documents_reader

v1.3.1

13 Mar 02:34
@xt765 xt765
v1.3.1
5785cf7

Choose a tag to compare

View all tags
v1.3.1 Latest
Latest

[1.3.1] - 2026-03-13
Security Fixes
pypdf Security Vulnerability: Upgraded pypdf>=6.8.0, fixing CVE-2026-28804
Fixed inefficient decoding of ASCIIHexDecode streams, preventing DoS attacks
Changed
Dependency Upgrades:
pypdf>=6.7.4 → pypdf>=6.8.0

Assets 2
Loading
0 Join discussion

v1.3.0

10 Mar 02:37
@xt765 xt765
v1.3.0
8cb00d6

Choose a tag to compare

View all tags
v1.3.0

[1.3.0] - 2025-03-10
Changed
Flexible File Path Access: Removed DOCUMENT_DIRECTORY restriction, now supports absolute and relative paths
Removed DOCUMENT_DIRECTORY environment variable dependency
Removed AppContext dataclass and app_lifespan function
Removed _get_document_path() security function
read_document() now directly uses Path(filename) for path handling
Simplified Architecture: Removed FastMCP lifespan configuration for cleaner code
Test Suite Optimization: Removed test_lifespan.py, updated test_tools.py with new path handling tests
Removed
DOCUMENT_DIRECTORY environment variable support
AppContext dataclass
app_lifespan async context manager
_get_document_path() helper function

Loading
0 Join discussion

v1.2.1

02 Mar 06:52
@xt765 xt765
v1.2.1
ee7c374

Choose a tag to compare

View all tags
v1.2.1

[1.2.1] - 2025-03-02
Security Fixes
pypdf Security Vulnerabilities: Upgraded pypdf>=6.7.4, fixing 3 CVEs
CVE-2026-28351: RunLengthDecode streams can exhaust RAM
CVE-2026-27888: FlateDecode XFA streams can exhaust RAM
CVE-2026-27628: Circular references cause infinite loop
MCP SDK Upgrade: Upgraded mcp>=1.26.0
Test Code Security: Refactored path traversal test code to avoid static analysis false positives
Changed
Dependency Upgrades:
mcp>=1.23.0 → mcp>=1.26.0
pypdf>=6.7.1 → pypdf>=6.7.4
typing_extensions>=4.12.0 → typing_extensions>=4.15.0

Full Changelog: v1.2.0...v1.2.1

Loading
0 Join discussion

v1.2.0

02 Mar 04:48
@xt765 xt765
v1.2.0
6f4f9b4

Choose a tag to compare

View all tags
v1.2.0

[1.2.0] - 2025-03-02
Security Fixes
MCP SDK Security Vulnerabilities: Upgraded mcp>=1.23.0, fixed 3 high-severity CVEs
CVE-2025-53365: Unhandled exception in Streamable HTTP Transport leading to DoS
CVE-2025-53366: FastMCP Server validation error leading to DoS
CVE-2025-66416: DNS rebinding protection not enabled by default
PyPDF2 Security Vulnerability: Replaced with pypdf>=6.7.1, fixed CVE-2023-36464
Path Traversal Protection: Added explicit path validation to prevent arbitrary file read attacks
Error Message Sanitization: Removed full paths from error messages to prevent information disclosure
Added
PyPI Package Metadata: Added project.urls linking to GitHub repository
Changed
Dependency Upgrades:
mcp>=0.1.0 → mcp>=1.23.0
PyPDF2>=3.0.1 → pypdf>=6.7.1
python-docx>=0.8.11 → python-docx>=1.2.0
openpyxl>=3.0.10 → openpyxl>=3.1.5
typing_extensions>=4.0.0 → typing_extensions>=4.12.0
CI/CD Migration: Migrated from pip to uv for faster builds

Loading
0 Join discussion

v1.1.0

01 Mar 06:19
@xt765 xt765
v1.1.0
d5e9912

Choose a tag to compare

View all tags
v1.1.0

Full Changelog: https://github.com/xt765/mcp_documents_reader/commits/v1.1.0

Loading
0 Join discussion