verint.com/obsidian-mcp
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix: allow ampersands in filenames while blocking command injection (v1.1.2)

Browse Source 
Fixes #2 - Files with & in their names (e.g., 'Research & Development.md')
were being incorrectly sanitized, causing search and file-not-found errors.

Changes:
- Removed & from DANGEROUS_CHARS regex
- Single & is safe in quoted arguments passed to CLI
- Dangerous && patterns still blocked by COMMAND_INJECTION_PATTERNS
- Also allows (), [], {} which are safe in quoted args

Version: 1.1.2

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Peter Morton
2026-04-14 16:58:18 -05:00
parent 466587d1c5
commit 57b58a0d22
4 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
CHANGELOG.md
View File

@@ -73,6 +73,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Comprehensive input schema definitions
- Security audit of parameter handling
## [1.1.2] - 2026-04-14
### Fixed
- **Ampersand in Filenames**: Fixed issue #2 where files with `&` in their names (e.g., "Research & Development.md") were causing search and file-not-found errors
- Single ampersands are now preserved in filenames and paths
- Security maintained: Dangerous `&&` command operators are still blocked by injection pattern detection
- Also preserves parentheses `()`, brackets `[]`, and braces `{}` which are safe in quoted CLI arguments
- Affects all file operations and search tools
## [1.1.1] - 2026-04-10
### Fixed
@@ -105,6 +114,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## Version History
- **1.1.2** - Bug fix release: Ampersand support in filenames (fixes #2)
- **1.1.1** - Bug fix release: Quote escaping in note content
- **1.1.0** - Bug fix release: Square brackets preservation in note content
- **1.0.0** - Initial release with 28 MCP tools across 3 user stories
@@ -112,6 +122,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Search & Discovery (12 tools)
- Task & Property Management (8 tools)
[1.1.2]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.1.2
[1.1.1]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.1.1
[1.1.0]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.1.0
[1.0.0]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.0.0