Airtable MCP

# Release Summary: v3.2.1 - v3.2.4

## Major Security & Architecture Updates

This document summarizes all releases from v3.2.1 to v3.2.4, representing a comprehensive overhaul of the Airtable MCP server with critical security fixes and architectural improvements.

---

## 📦 v3.2.4 - Complete XSS Security Fix

**Released:** September 9, 2025
**Type:** 🔒 Security Release
**GitHub Alerts:** #10 & #11 Resolved

### What's Fixed

- **XSS Vulnerabilities** in OAuth2 endpoint (`airtable_simple_production.js:708-710`)
  - ✅ Unicode escaping for all special characters in JSON
  - ✅ Using `textContent` instead of `innerHTML` for dynamic content
  - ✅ Multiple layers of character escaping
  - ✅ Defense-in-depth XSS prevention

### Technical Details

```javascript
// Before (Vulnerable)
var config = ${JSON.stringify(data)};
<p>Client ID: ${clientId}</p>

// After (Secure)
var config = ${safeJsonConfig}; // Unicode-escaped
document.getElementById('client-id').textContent = clientId;
```

---

## 📦 v3.2.3 - Command Injection Complete Fix

**Released:** September 9, 2025
**Type:** 🔒 Security Release
**GitHub Alert:** #10 (Python) Resolved

### What's Fixed

- **Command Injection** in Python test client (`test_client.py`)
  - ✅ BASE_ID validation at startup
  - ✅ Eliminated string interpolation vulnerabilities
  - ✅ Path traversal protection
  - ✅ Token format validation
  - ✅ Complete input sanitization

### Security Improvements

```python
# Before (Vulnerable)
result = api_call(f"meta/bases/{BASE_ID}/tables")

# After (Secure)
# BASE_ID validated at startup
if not all(c.isalnum() or c in '-_' for c in BASE_ID):
    print(f"Error: Invalid BASE_ID format")
    sys.exit(1)

endpoint = "meta/bases/" + BASE_ID + "/tables"
```

---

## 📦 v3.2.2 - Initial Security Patches

**Released:** September 9, 2025
**Type:** 🔒 Security Release
**GitHub Alert:** #10 Partial Fix

### What's Fixed

- **Initial command injection fixes** in `test_client.py`
  - ✅ Added input validation for API endpoints
  - ✅ Removed unused subprocess import
  - ✅ Basic endpoint sanitization

### Note

This was a partial fix. Complete resolution came in v3.2.3.

---

## 📦 v3.2.1 - TypeScript Architecture Fix & Project Restructure

**Released:** September 9, 2025
**Type:** 🏗️ Major Architecture Update

### Critical Fix

- **TypeScript Compilation Issue** completely resolved
  - ✅ Fixed `.d.ts` files containing runtime code
  - ✅ Proper separation of types and implementation

### New Files Created

```
src/typescript/
├── errors.ts            # Runtime error classes
├── tools-schemas.ts     # Tool schema constants
└── prompt-templates.ts  # AI prompt templates
```

### Project Restructure

```
airtable-mcp/
├── src/
│   ├── index.js        # Main entry point
│   ├── typescript/     # TypeScript implementation
│   ├── javascript/     # JavaScript implementation
│   └── python/         # Python implementation
├── dist/               # Compiled output
├── docs/
│   ├── guides/         # User guides
│   └── releases/       # Release notes
├── tests/              # All test files
└── types/              # TypeScript definitions
```

### What Changed

- ✅ World-class project organization
- ✅ TypeScript now compiles successfully
- ✅ Proper build system with npm scripts
- ✅ ESLint and Prettier configurations
- ✅ Jest testing framework setup
- ✅ CI/CD pipeline structure

---

## 🎯 Combined Impact

### Security Fixes Summary

| Alert | Type | File | Version | Status |
|-------|------|------|---------|---------|
| #10 | XSS | `airtable_simple_production.js:708` | v3.2.4 | ✅ Fixed |
| #11 | XSS | `airtable_simple_production.js:710` | v3.2.4 | ✅ Fixed |
| #10 | Command Injection | `test_client.py` | v3.2.3 | ✅ Fixed |

### Architecture Improvements

- ✅ TypeScript compilation working
- ✅ Proper file organization
- ✅ Clean separation of concerns
- ✅ Professional build system
- ✅ Comprehensive testing setup

### Backwards Compatibility

✅ **No breaking changes** across all versions

- All existing functionality preserved
- API endpoints unchanged
- Both JS and TS implementations working

---

## 📥 Installation

### New Installation

```bash
npm install @rashidazarang/airtable-mcp@3.2.4
```

### Update from Any Previous Version

```bash
npm update @rashidazarang/airtable-mcp
```

### Verify Installation

```bash
npm list @rashidazarang/airtable-mcp
# Should show: @rashidazarang/airtable-mcp@3.2.4
```

---

## 🚀 Quick Start

### JavaScript

```bash
AIRTABLE_TOKEN=your_token AIRTABLE_BASE_ID=your_base \
  node node_modules/@rashidazarang/airtable-mcp/src/javascript/airtable_simple_production.js
```

### TypeScript

```bash
# Build first
npm run build

# Then run
AIRTABLE_TOKEN=your_token AIRTABLE_BASE_ID=your_base \
  node node_modules/@rashidazarang/airtable-mcp/dist/typescript/airtable-mcp-server.js
```

---

## 📋 Migration Guide

### From v3.0.x or earlier

1. Update to v3.2.4: `npm update @rashidazarang/airtable-mcp`
2. If using TypeScript, rebuild: `npm run build`
3. No code changes required

### From v3.1.x

1. Update to v3.2.4: `npm update @rashidazarang/airtable-mcp`
2. No changes required - security patches only

### From v3.2.1-3.2.3

1. Update to v3.2.4: `npm update @rashidazarang/airtable-mcp`
2. Get latest security fixes

---

## ⚠️ Important Security Notice

**All users should update to v3.2.4 immediately** to get:

- Complete XSS protection in OAuth2 flows
- Full command injection prevention
- Path traversal protection
- Comprehensive input validation

---

## 📊 Version Comparison

| Feature | v3.2.1 | v3.2.2 | v3.2.3 | v3.2.4 |
|---------|--------|--------|--------|--------|
| TypeScript Compilation | ✅ Fixed | ✅ | ✅ | ✅ |
| Project Structure | ✅ New | ✅ | ✅ | ✅ |
| Command Injection Fix | ❌ | ⚠️ Partial | ✅ Complete | ✅ |
| XSS Protection | ❌ | ❌ | ❌ | ✅ Complete |
| Production Ready | ✅ | ✅ | ✅ | ✅ |

---

## 🙏 Acknowledgments

- GitHub Security Scanning for identifying vulnerabilities
- Community for patience during rapid security updates
- Contributors to the TypeScript architecture improvements

---

## 📚 Resources

- **Repository:** https://github.com/rashidazarang/airtable-mcp
- **Issues:** https://github.com/rashidazarang/airtable-mcp/issues
- **NPM:** https://www.npmjs.com/package/@rashidazarang/airtable-mcp
- **Changelog:** [CHANGELOG.md](./CHANGELOG.md)

---

**Current Version: v3.2.4**
**Status: Fully Secure & Production Ready**
**Last Updated: September 9, 2025**
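
The v3.2.4 notes above name two measures for the OAuth2 page: Unicode-escaping the JSON embedded in an inline script, and writing dynamic values with `textContent`. The following is an added example of that pattern, not code from airtable-mcp; `jsonForInlineScript`, `renderAuthorizePage` and the sample input are hypothetical.

```javascript
// Added example (not airtable-mcp code). All names here are hypothetical.

// Characters that can close or reinterpret an inline <script> block, plus the
// two line separators that older JavaScript parsers treat as newlines.
const SCRIPT_UNSAFE = /[<>&'\u2028\u2029]/g;

function jsonForInlineScript(value) {
  // JSON.stringify alone leaves "</script>" intact, so escape after serializing.
  // \uXXXX escapes are valid JSON, so the browser parses back the same value.
  return JSON.stringify(value).replace(SCRIPT_UNSAFE, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

function renderAuthorizePage(params) {
  // Dynamic values travel only inside the escaped JSON; the markup is static.
  const safeJsonConfig = jsonForInlineScript(params);
  return [
    '<!doctype html>',
    '<p>Client ID: <span id="client-id"></span></p>',
    '<script>',
    '  var config = ' + safeJsonConfig + ';',
    // textContent assigns text, so the value is never parsed as HTML.
    "  document.getElementById('client-id').textContent = config.clientId;",
    '</script>',
  ].join('\n');
}

// Constructed input standing in for untrusted query parameters.
const hostile = {
  clientId: '</script><script>alert(1)</script>',
  state: 'a\u2028b',
};

console.log(jsonForInlineScript(hostile));
console.log(renderAuthorizePage(hostile));
```

The escaped output contains no `<`, `>`, `&` or `'`, so the only `</script>` in the rendered page is the static closing tag.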
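
The v3.2.3 notes above validate `BASE_ID` against an allowlist before it is placed in an API path. The following added example (not airtable-mcp code) shows the same check in JavaScript and what URL resolution does to an unvalidated value; `API_ROOT` is a placeholder host and all function names are hypothetical.

```javascript
// Added example (not airtable-mcp code). API_ROOT is a placeholder and the
// function names are hypothetical.
const API_ROOT = 'https://api.example.invalid/v0/';

// Same allowlist as the release note: letters, digits, '-' and '_'.
// ASCII-only, which is stricter than Python's str.isalnum() (that also
// accepts non-ASCII letters and digits).
const ID_PATTERN = /^[A-Za-z0-9_-]+$/;

function validateBaseId(baseId) {
  if (typeof baseId !== 'string' || !ID_PATTERN.test(baseId)) {
    throw new Error('Invalid BASE_ID format');
  }
  return baseId;
}

function tablesUrl(baseId) {
  const url = new URL('meta/bases/' + validateBaseId(baseId) + '/tables', API_ROOT);
  // Second layer: after parsing, the path must be exactly the one intended.
  const expected = '/v0/meta/bases/' + baseId + '/tables';
  if (url.pathname !== expected) {
    throw new Error('Unexpected path: ' + url.pathname);
  }
  return url.href;
}

// For comparison only: the same construction without validation.
// URL resolution collapses ".." segments, so the request leaves meta/bases/.
function unvalidatedUrl(baseId) {
  return new URL('meta/bases/' + baseId + '/tables', API_ROOT).href;
}

console.log(tablesUrl('appAbC123_x-y'));
console.log(unvalidatedUrl('../../other')); // resolves outside meta/bases/
```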
