Tags: jamubc/gemini-mcp-tool
Tags
fix: retirement-aware missing-CLI guidance and README framing (#103) A missing backend CLI now fails helpfully: it names the 2026-06-18 Gemini CLI retirement, gives Google's real agy install command, and tells Enterprise/paid-API-key users to set GEMINI_MCP_BACKEND=gemini to stay on gemini. Drops the dead 'npm install -g @google/gemini-cli' hint. The README notice is reframed for affected tiers (install agy, now the default) vs unaffected tiers (opt back to gemini).
chore(release): 1.1.6-beta.1 Pre-release snapshot combining the CVE-2026-0755 fix (#76) and the Windows stdin/windowsHide work (#77) for manual testing ahead of 1.1.6. GitHub pre-release only; not published to npm.
release: v1.1.6 — emergency CVE-2026-0755 security patch (#76) * fix(security): remove broken prompt quoting and contain @file refs (CVE-2026-0755) geminiExecutor wrapped any prompt containing '@' in literal double quotes before pushing it into the spawn args array. With shell: false those quotes are passed verbatim to the Gemini CLI, providing no protection and corrupting @file references (#66). Remove the quoting from both the primary and fallback paths; Windows .cmd quoting is already handled in commandExecutor. Add assertSafeFileReferences() to reject @file references that resolve outside the project working directory (absolute paths, ~ home refs, ../ traversal), closing the arbitrary-file-read exfiltration vector described in CVE-2026-0755 while preserving legitimate in-project @file usage. Fixes #73 * docs: add security report for 2026-05-28 codebase audit Code + dependency audit of the repository. Records the CVE-2026-0755 fix status, low/informational code findings, and a runtime-vs-dev attribution of the npm audit results (only @modelcontextprotocol/sdk and the unused inquirer->tmp chain reach the shipped/runtime tree). * fix(security): harden Windows cmd.exe arg quoting against injection The shell:true path on Windows only quoted args containing whitespace, so a spaceless token carrying cmd metacharacters (e.g. a prompt `a&calc`) broke out into command injection. Quote every argument via quoteForCmd() so `& | < > ^ ( )` stay inert. Completes the CVE-2026-0755 fix across the Windows code path, which the prompt-quoting fix alone did not cover (ask-gemini, brainstorm, ping). * chore(release): 1.1.6 — emergency CVE-2026-0755 security patch
fix(security): path-traversal guards for fetch-chunk and chunkCache (… …CWE-22) (#72) * fix(security): add path-traversal guards to fetch-chunk and chunkCache (CWE-22) - Add cacheKey format validation (^[a-f0-9]{8}$) in fetch-chunk.tool.ts - Add path containment check (resolve + startsWith) in getChunks() - Remove silent fs.unlinkSync on parse errors (DELETE primitive) * fix(security): move regex validation into getChunks, guard ask-gemini path - Move cacheKey regex check (^[a-f0-9]{8}$) INTO getChunks() itself so every caller is protected regardless of entry point - Add format validation to ask-gemini.tool.ts chunkCacheKey path, which was previously unguarded (bypassed the fetch-chunk regex entirely) * bump version to 1.1.5