npm - memory-journal-mcp - Versions diffs - 4.4.0 → 4.4.1 - Mend

memory-journal-mcp 4.4.0 → 4.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [4.4.1] - 2026-02-27
+### Security
+- **CVE-2026-27903 + CVE-2026-27904 (minimatch)** — Added npm override `minimatch@^10.2.3` to fix HIGH severity ReDoS and algorithmic complexity vulnerabilities (CVSS 7.5) that blocked Docker deploy
 ## [4.4.0] - 2026-02-27
 ### Added

package/DOCKER_README.md CHANGED Viewed

@@ -466,7 +466,7 @@ Memory Journal is designed for extremely low overhead during AI task execution.
 **Available Tags:**
-- `4.4.0` - Specific version (recommended for production)
+- `4.4.1` - Specific version (recommended for production)
 - `4.4` - Latest patch in 4.4.x series
 - `4` - Latest minor in 4.x series
 - `latest` - Always the newest version

package/Dockerfile CHANGED Viewed

@@ -110,6 +110,6 @@ CMD ["node", "dist/cli.js"]
 # Labels for Docker Hub
 LABEL maintainer="Adamic.tech"
 LABEL description="Memory Journal MCP Server - Project context management for AI-assisted development"
-LABEL version="4.4.0"
+LABEL version="4.4.1"
 LABEL org.opencontainers.image.source="https://github.com/neverinfamous/memory-journal-mcp"
 LABEL io.modelcontextprotocol.server.name="io.github.neverinfamous/memory-journal-mcp"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "memory-journal-mcp",
-    "version": "4.4.0",
+    "version": "4.4.1",
     "description": "Project context management for AI-assisted development - Persistent knowledge graphs and intelligent context recall across fragmented AI threads",
     "type": "module",
     "main": "dist/index.js",
@@ -78,6 +78,7 @@
         "axios": "^1.13.5",
         "brace-expansion": "^2.0.2",
         "glob": "^11.1.0",
+        "minimatch": "^10.2.3",
         "tar": "^7.5.8",
         "tmp": "^0.2.4"
     }

package/releases/v4.4.1.md ADDED Viewed

@@ -0,0 +1,33 @@
+# v4.4.1 - CVE Remediation (minimatch)
+Released: February 27, 2026
+## Highlights
+- **Security Patch** — Fixed 2 HIGH severity CVEs in minimatch that blocked Docker deployment
+---
+## Security
+### CVE-2026-27903 (minimatch) — HIGH
+Inefficient algorithmic complexity vulnerability in minimatch >=10.0.0, <10.2.3 (CVSS 7.5). Added npm override `minimatch@^10.2.3`.
+### CVE-2026-27904 (minimatch) — HIGH
+Inefficient regular expression complexity (ReDoS) in minimatch >=10.0.0, <10.2.3 (CVSS 7.5). Same fix as CVE-2026-27903.
+---
+## Upgrade
+```bash
+# npm
+npm update -g memory-journal-mcp
+# Docker
+docker pull writenotenow/memory-journal-mcp:v4.4.1
+```
+**Full Changelog**: https://github.com/neverinfamous/memory-journal-mcp/wiki/CHANGELOG

package/server.json CHANGED Viewed

@@ -3,12 +3,12 @@
     "name": "io.github.neverinfamous/memory-journal-mcp",
     "title": "Memory Journal MCP",
     "description": "MCP server– Project memory system with GitHub-aware context, knowledge graphs, and CI/PR timelines",
-    "version": "4.4.0",
+    "version": "4.4.1",
     "packages": [
         {
             "registryType": "oci",
-            "identifier": "docker.io/writenotenow/memory-journal-mcp:v4.4.0",
-            "version": "4.4.0",
+            "identifier": "docker.io/writenotenow/memory-journal-mcp:v4.4.1",
+            "version": "4.4.1",
             "transport": {
                 "type": "stdio"
             }