@berthojoris/mcp-mysql-server 1.6.1 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -5,6 +5,18 @@ All notable changes to the MySQL MCP Server will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [1.6.2] - 2025-11-22
9
+
10
+ ### Fixed
11
+ - **Security keyword false positive bug** - Fixed issue where `run_query` rejected valid SELECT queries containing table names like "users"
12
+ - The dangerous keyword check was using substring matching (`includes()`) which caused "USER" to match "USERS"
13
+ - Changed to word boundary regex matching (`\bKEYWORD\b`) to only match whole words
14
+ - `SELECT * FROM users` now works correctly while `SELECT USER()` is still blocked as intended
15
+
16
+ ### Changed
17
+ - **Updated tool count in README.md** - Corrected tool count from 30/73 to 85 powerful tools
18
+ - Accurate count of all available MCP tools across all categories
19
+
8
20
  ## [1.4.16] - 2025-11-22
9
21
 
10
22
  ### Added
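Review bot: the new [1.6.2] section is inserted directly above [1.4.16], while package.json in this same diff moves from 1.6.1 to 1.6.2, so the releases in between have no entries in the visible changelog context; backfill them or say where they are recorded. Both sections also carry the date 2025-11-22, which is worth confirming. The statement that `SELECT USER()` is still blocked while `SELECT * FROM users` passes should be pinned by a regression test covering both cases, since no test change is visible in this diff.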
package/README.md CHANGED
@@ -11,7 +11,7 @@ A fully-featured **Model Context Protocol (MCP)** server for MySQL database inte
11
11
 
12
12
  - ✅ **Full MCP Protocol Support** - Works with Claude Desktop, Cline, Windsurf, and any MCP-compatible AI agent
13
13
  - 🔐 **Secure by Default** - Parameterized queries, SQL injection protection, permission-based access control
14
- - 🛠️ **30 Powerful Tools** - Complete database operations (CRUD, DDL, queries, schema inspection, transactions, stored procedures, bulk operations)
14
+ - 🛠️ **85 Powerful Tools** - Complete database operations (CRUD, DDL, queries, schema inspection, transactions, stored procedures, bulk operations)
15
15
  - 🎛️ **Dynamic Per-Project Permissions** - Each AI agent can have different access levels
16
16
  - 🗃️ **DDL Support** - Create, alter, and drop tables (when explicitly enabled)
17
17
  - 💎 **Transaction Support** - Full ACID transaction management (BEGIN, COMMIT, ROLLBACK)
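Review bot: the tool count on line 14 is a hard-coded number that is repeated in the "Available Tools" section at line 466, and the two had already drifted apart (30 here, 73 there) before this change. Consider stating the count in one place, or generating it from the registered tool list, and check that the per-category counts such as "Database Discovery (4 tools)" add up to 85.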
@@ -463,7 +463,7 @@ After (DDL enabled):
463
463
 
464
464
  ## 🛠️ Available Tools
465
465
 
466
- The MCP server provides **73 powerful tools**:
466
+ The MCP server provides **85 powerful tools**:
467
467
 
468
468
  ### Database Discovery (4 tools)
469
469
 
@@ -160,7 +160,9 @@ class SecurityLayer {
160
160
  // When bypassDangerousCheck is true (user has 'execute' permission), skip this check
161
161
  if (!bypassDangerousCheck) {
162
162
  for (const keyword of this.dangerousKeywords) {
163
- if (cleanQuery.includes(keyword)) {
163
+ // Use word boundary regex to avoid false positives (e.g., "USER" matching "USERS")
164
+ const keywordRegex = new RegExp(`\\b${keyword}\\b`, "i");
165
+ if (keywordRegex.test(cleanQuery)) {
164
166
  return {
165
167
  valid: false,
166
168
  error: `Dangerous keyword detected: ${keyword}. This requires 'execute' permission.`,
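Review bot: at new line 164, `keyword` is interpolated into `new RegExp(...)` without escaping, so any entry in `this.dangerousKeywords` that contains regex metacharacters changes the pattern, and any entry that starts or ends with a non-word character will not match as intended under `\b`; escape the keyword before building the pattern and cover such entries with tests. Moving from `includes()` to whole-word matching also narrows the check: `\b` treats digits and underscores as word characters, so a keyword that used to match inside a longer identifier no longer does, and any longer names the list relied on substring hits to catch need their own entries. The patterns depend only on the keyword list, so they can be compiled once in the constructor rather than on every call inside the loop.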
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@berthojoris/mcp-mysql-server",
3
- "version": "1.6.1",
3
+ "version": "1.6.2",
4
4
  "description": "Model Context Protocol server for MySQL database integration with dynamic per-project permissions and data export capabilities",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",