Airtable MCP

Overview Schema Related Servers Score Discussions

v3.2.x-SUMMARY.md•6.69 kB

# Release Summary: v3.2.1 - v3.2.4 ## Major Security & Architecture Updates This document summarizes all releases from v3.2.1 to v3.2.4, representing a comprehensive overhaul of the Airtable MCP server with critical security fixes and architectural improvements. --- ## 📦 v3.2.4 - Complete XSS Security Fix **Released:** September 9, 2025 **Type:** 🔒 Security Release **GitHub Alerts:** #10 & #11 Resolved ### What's Fixed - **XSS Vulnerabilities** in OAuth2 endpoint (`airtable_simple_production.js:708-710`) - ✅ Unicode escaping for all special characters in JSON - ✅ Using `textContent` instead of `innerHTML` for dynamic content - ✅ Multiple layers of character escaping - ✅ Defense-in-depth XSS prevention ### Technical Details ```javascript // Before (Vulnerable) var config = ${JSON.stringify(data)}; <p>Client ID: ${clientId}</p> // After (Secure) var config = ${safeJsonConfig}; // Unicode-escaped document.getElementById('client-id').textContent = clientId; ``` --- ## 📦 v3.2.3 - Command Injection Complete Fix **Released:** September 9, 2025 **Type:** 🔒 Security Release **GitHub Alert:** #10 (Python) Resolved ### What's Fixed - **Command Injection** in Python test client (`test_client.py`) - ✅ BASE_ID validation at startup - ✅ Eliminated string interpolation vulnerabilities - ✅ Path traversal protection - ✅ Token format validation - ✅ Complete input sanitization ### Security Improvements ```python # Before (Vulnerable) result = api_call(f"meta/bases/{BASE_ID}/tables") # After (Secure) # BASE_ID validated at startup if not all(c.isalnum() or c in '-_' for c in BASE_ID): print(f"Error: Invalid BASE_ID format") sys.exit(1) endpoint = "meta/bases/" + BASE_ID + "/tables" ``` --- ## 📦 v3.2.2 - Initial Security Patches **Released:** September 9, 2025 **Type:** 🔒 Security Release **GitHub Alert:** #10 Partial Fix ### What's Fixed - **Initial command injection fixes** in `test_client.py` - ✅ Added input validation for API endpoints - ✅ Removed unused subprocess import - ✅ Basic endpoint sanitization ### Note This was a partial fix. Complete resolution came in v3.2.3. --- ## 📦 v3.2.1 - TypeScript Architecture Fix & Project Restructure **Released:** September 9, 2025 **Type:** 🏗️ Major Architecture Update ### Critical Fix - **TypeScript Compilation Issue** completely resolved - ✅ Fixed `.d.ts` files containing runtime code - ✅ Proper separation of types and implementation ### New Files Created ``` src/typescript/ ├── errors.ts # Runtime error classes ├── tools-schemas.ts # Tool schema constants └── prompt-templates.ts # AI prompt templates ``` ### Project Restructure ``` airtable-mcp/ ├── src/ │ ├── index.js # Main entry point │ ├── typescript/ # TypeScript implementation │ ├── javascript/ # JavaScript implementation │ └── python/ # Python implementation ├── dist/ # Compiled output ├── docs/ │ ├── guides/ # User guides │ └── releases/ # Release notes ├── tests/ # All test files └── types/ # TypeScript definitions ``` ### What Changed - ✅ World-class project organization - ✅ TypeScript now compiles successfully - ✅ Proper build system with npm scripts - ✅ ESLint and Prettier configurations - ✅ Jest testing framework setup - ✅ CI/CD pipeline structure --- ## 🎯 Combined Impact ### Security Fixes Summary | Alert | Type | File | Version | Status | |-------|------|------|---------|---------| | #10 | XSS | `airtable_simple_production.js:708` | v3.2.4 | ✅ Fixed | | #11 | XSS | `airtable_simple_production.js:710` | v3.2.4 | ✅ Fixed | | #10 | Command Injection | `test_client.py` | v3.2.3 | ✅ Fixed | ### Architecture Improvements - ✅ TypeScript compilation working - ✅ Proper file organization - ✅ Clean separation of concerns - ✅ Professional build system - ✅ Comprehensive testing setup ### Backwards Compatibility ✅ **No breaking changes** across all versions - All existing functionality preserved - API endpoints unchanged - Both JS and TS implementations working --- ## 📥 Installation ### New Installation ```bash npm install @rashidazarang/airtable-mcp@3.2.4 ``` ### Update from Any Previous Version ```bash npm update @rashidazarang/airtable-mcp ``` ### Verify Installation ```bash npm list @rashidazarang/airtable-mcp # Should show: @rashidazarang/airtable-mcp@3.2.4 ``` --- ## 🚀 Quick Start ### JavaScript ```bash AIRTABLE_TOKEN=your_token AIRTABLE_BASE_ID=your_base \ node node_modules/@rashidazarang/airtable-mcp/src/javascript/airtable_simple_production.js ``` ### TypeScript ```bash # Build first npm run build # Then run AIRTABLE_TOKEN=your_token AIRTABLE_BASE_ID=your_base \ node node_modules/@rashidazarang/airtable-mcp/dist/typescript/airtable-mcp-server.js ``` --- ## 📋 Migration Guide ### From v3.0.x or earlier 1. Update to v3.2.4: `npm update @rashidazarang/airtable-mcp` 2. If using TypeScript, rebuild: `npm run build` 3. No code changes required ### From v3.1.x 1. Update to v3.2.4: `npm update @rashidazarang/airtable-mcp` 2. No changes required - security patches only ### From v3.2.1-3.2.3 1. Update to v3.2.4: `npm update @rashidazarang/airtable-mcp` 2. Get latest security fixes --- ## ⚠️ Important Security Notice **All users should update to v3.2.4 immediately** to get: - Complete XSS protection in OAuth2 flows - Full command injection prevention - Path traversal protection - Comprehensive input validation --- ## 📊 Version Comparison | Feature | v3.2.1 | v3.2.2 | v3.2.3 | v3.2.4 | |---------|--------|--------|--------|--------| | TypeScript Compilation | ✅ Fixed | ✅ | ✅ | ✅ | | Project Structure | ✅ New | ✅ | ✅ | ✅ | | Command Injection Fix | ❌ | ⚠️ Partial | ✅ Complete | ✅ | | XSS Protection | ❌ | ❌ | ❌ | ✅ Complete | | Production Ready | ✅ | ✅ | ✅ | ✅ | --- ## 🙏 Acknowledgments - GitHub Security Scanning for identifying vulnerabilities - Community for patience during rapid security updates - Contributors to the TypeScript architecture improvements --- ## 📚 Resources - **Repository:** https://github.com/rashidazarang/airtable-mcp - **Issues:** https://github.com/rashidazarang/airtable-mcp/issues - **NPM:** https://www.npmjs.com/package/@rashidazarang/airtable-mcp - **Changelog:** [CHANGELOG.md](./CHANGELOG.md) --- **Current Version: v3.2.4** **Status: Fully Secure & Production Ready** **Last Updated: September 9, 2025**

Loading blob content...

Latest Blog Posts

How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash
What is Streamable HTTP in MCP?
By punkpeye on January 2, 2026.
Streamable HTTP
What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rashidazarang/airtable-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

v3.2.x-SUMMARY.md•6.69 kB