Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

redis/mcp-redis
main @ fc491ae
3
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Broken Cryptography: 2 prior fixes. Scrutinize any change in this area.
src/common/connection.py: most-fixed (2 issues). Treat as high-risk during review.
1 high-severity fix in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Command Injection: User-controlled variables within the release workflow could allow malicious actors to inject arbitrary commands into the GitHub runner context if not sanitized using strict regular expression patterns and environment mapping.
Broken Cryptography: Misconfiguration or failure to correctly translate string-based SSL requirements into actual Python ssl module constants during Redis connections can result in completely disabled certificate verification, leaving connections vulnerable to Man-in-the-Middle (MitM) attacks.