Skip to content

hackmd-mcp v1.5.0

Choose a tag to compare

View all tags
@yuna0x0 yuna0x0 released this 15 Sep 03:05
· 13 commits to main since this release
v1.5.0
c574d89
This commit was signed with the committer’s verified signature.
yuna0x0 yuna0x0
GPG key ID: 6C8EAF0D90FD8E80
Verified
Learn about vigilant mode.

What's Changed

  • Add HackMD API URL allowlist to prevent SSRF attacks (CVE-2025-59155)
  • Upgrade package manager and update pnpm lockfile

⚠️ Breaking change

User who uses custom HackMD API URL with HackMD MCP server running in HTTP transport mode, should update their server environment variable with ALLOWED_HACKMD_API_URLS (comma-separated URL).

Otherwise, the default configuration now only allows the official HackMD API URL (https://api.hackmd.io/v1).

For example:

ALLOWED_HACKMD_API_URLS=https://api.hackmd.io/v1,https://your-hackmd-instance.com/api/v1

Full Changelog: v1.4.2...v1.5.0

Assets 3
Loading