Skip to content

Tags: jamubc/gemini-mcp-tool

Tags

v1.1.8

Toggle v1.1.8's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix: retirement-aware missing-CLI guidance and README framing (#103)

A missing backend CLI now fails helpfully: it names the 2026-06-18 Gemini CLI retirement, gives Google's real agy install command, and tells Enterprise/paid-API-key users to set GEMINI_MCP_BACKEND=gemini to stay on gemini. Drops the dead 'npm install -g @google/gemini-cli' hint. The README notice is reframed for affected tiers (install agy, now the default) vs unaffected tiers (opt back to gemini).

v1.2.0-beta.1

Toggle v1.2.0-beta.1's commit message
chore(release): 1.1.6-beta.1

Pre-release snapshot combining the CVE-2026-0755 fix (#76) and the Windows
stdin/windowsHide work (#77) for manual testing ahead of 1.1.6. GitHub
pre-release only; not published to npm.

v1.1.6

Toggle v1.1.6's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
release: v1.1.6 — emergency CVE-2026-0755 security patch (#76)

* fix(security): remove broken prompt quoting and contain @file refs (CVE-2026-0755)

geminiExecutor wrapped any prompt containing '@' in literal double quotes
before pushing it into the spawn args array. With shell: false those quotes
are passed verbatim to the Gemini CLI, providing no protection and corrupting
@file references (#66). Remove the quoting from both the primary and fallback
paths; Windows .cmd quoting is already handled in commandExecutor.

Add assertSafeFileReferences() to reject @file references that resolve outside
the project working directory (absolute paths, ~ home refs, ../ traversal),
closing the arbitrary-file-read exfiltration vector described in CVE-2026-0755
while preserving legitimate in-project @file usage.

Fixes #73

* docs: add security report for 2026-05-28 codebase audit

Code + dependency audit of the repository. Records the CVE-2026-0755 fix
status, low/informational code findings, and a runtime-vs-dev attribution of
the npm audit results (only @modelcontextprotocol/sdk and the unused
inquirer->tmp chain reach the shipped/runtime tree).

* fix(security): harden Windows cmd.exe arg quoting against injection

The shell:true path on Windows only quoted args containing whitespace, so a
spaceless token carrying cmd metacharacters (e.g. a prompt `a&calc`) broke out
into command injection. Quote every argument via quoteForCmd() so `& | < > ^ ( )`
stay inert. Completes the CVE-2026-0755 fix across the Windows code path, which
the prompt-quoting fix alone did not cover (ask-gemini, brainstorm, ping).

* chore(release): 1.1.6 — emergency CVE-2026-0755 security patch

v1.1.5

Toggle v1.1.5's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(security): path-traversal guards for fetch-chunk and chunkCache (…

…CWE-22) (#72)

* fix(security): add path-traversal guards to fetch-chunk and chunkCache (CWE-22)

- Add cacheKey format validation (^[a-f0-9]{8}$) in fetch-chunk.tool.ts
- Add path containment check (resolve + startsWith) in getChunks()
- Remove silent fs.unlinkSync on parse errors (DELETE primitive)

* fix(security): move regex validation into getChunks, guard ask-gemini path

- Move cacheKey regex check (^[a-f0-9]{8}$) INTO getChunks() itself so
  every caller is protected regardless of entry point
- Add format validation to ask-gemini.tool.ts chunkCacheKey path, which
  was previously unguarded (bypassed the fetch-chunk regex entirely)

* bump version to 1.1.5

v1.1.2

Toggle v1.1.2's commit message
bump version

v1.1.1

Toggle v1.1.1's commit message
Version 1.1.1