obsidian-mcp/CHANGELOG.md
Peter.Morton 57b58a0d22 fix: allow ampersands in filenames while blocking command injection (v1.1.2)
Fixes #2 - Files with & in their names (e.g., 'Research & Development.md')
were being incorrectly sanitized, causing search and file-not-found errors.

Changes:
- Removed & from DANGEROUS_CHARS regex
- Single & is safe in quoted arguments passed to CLI
- Dangerous && patterns still blocked by COMMAND_INJECTION_PATTERNS
- Also allows (), [], {} which are safe in quoted args

Version: 1.1.2

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 17:05:18 -05:00


# Changelog
All notable changes to the Obsidian MCP Bundle will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.0] - 2026-03-22
### Added
#### File Operations (User Story 1)
- `obsidian_create_note` - Create new notes with optional content and frontmatter properties
- `obsidian_read_note` - Read note content by filename or path
- `obsidian_append_to_note` - Append content to existing notes
- `obsidian_prepend_to_note` - Prepend content to existing notes
- `obsidian_delete_note` - Delete notes from vault
- `obsidian_move_note` - Move notes to different folders
- `obsidian_rename_note` - Rename note files
- `obsidian_open_note` - Open notes in Obsidian application
#### Search & Discovery (User Story 2)
- `obsidian_search` - Full-text search with query filters, path scoping, case sensitivity, and format options (text/json)
- `obsidian_get_backlinks` - Find all notes linking to a specific note
- `obsidian_list_outgoing_links` - List all links from a note to other notes
- `obsidian_list_unresolved_links` - Identify broken/non-existent links across vault
- `obsidian_list_tags` - List all tags in vault or specific note
- `obsidian_search_by_tag` - Find notes containing specific tags
- `obsidian_get_tag_count` - Count usage of specific tags
- `obsidian_list_aliases` - List all aliases in vault or per note
- `obsidian_list_properties` - List all frontmatter properties used in vault
- `obsidian_get_property_count` - Count usage of specific properties
#### Task Management (User Story 3)
- `obsidian_list_tasks` - List tasks with filtering by status, file, path, tags; supports multiple output formats
- `obsidian_toggle_task` - Toggle task completion status between done and todo
- `obsidian_mark_task_done` - Mark tasks as completed
- `obsidian_mark_task_todo` - Mark tasks as incomplete
- `obsidian_update_task_status` - Set custom task status characters (-, >, !, ?, etc.)
#### Property Management (User Story 3)
- `obsidian_get_property` - Read single property value from a file
- `obsidian_set_property` - Set or update frontmatter properties with type specification
- `obsidian_remove_property` - Remove properties from files
### Infrastructure
- **MCP Protocol**: Full compliance with Model Context Protocol via @modelcontextprotocol/sdk
- **MCPB Bundle**: Conforms to MCPB specification v0.3 with complete manifest
- **Validation**: Zod schemas for all tool inputs with runtime type checking
- **Error Handling**: Consistent error responses with actionable messages
- **Security**: Input sanitization and parameter validation for all tools
- **Timeout Management**: 30-second timeout for CLI operations
- **Parameter Quoting**: Automatic quoting for filenames/values containing spaces
- **Logging**: stderr-only logging with sensitive data sanitization
### Technical Details
- **TypeScript**: Fully typed codebase with strict mode enabled
- **Node.js**: ES2022 module format with ESNext target
- **Transport**: stdio JSON-RPC for MCP communication
- **CLI Integration**: Wrapper for Obsidian CLI with proper parameter formatting
- **Bundle Format**: .mcpb packaging with manifest, icons, and compiled code
### Documentation
- Complete README with installation instructions for Claude Desktop extensions
- Manifest with detailed tool descriptions and parameter schemas
- Input validation and error documentation
- Development and testing guidelines
### Quality
- Zero TypeScript compilation errors
- MCPB manifest validation passes
- All tools tested with Obsidian CLI
- Comprehensive input schema definitions
- Security audit of parameter handling
## [1.1.2] - 2026-04-14
### Fixed
- **Ampersand in Filenames**: Fixed issue #2 where files with `&` in their names (e.g., "Research & Development.md") were causing search and file-not-found errors
  - Single ampersands are now preserved in filenames and paths
  - Security maintained: Dangerous `&&` command operators are still blocked by injection pattern detection
  - Also preserves parentheses `()`, brackets `[]`, and braces `{}` which are safe in quoted CLI arguments
  - Affects all file operations and search tools
## [1.1.1] - 2026-04-10
### Fixed
- **Quote Escaping**: Fixed critical bug where note content was being truncated when containing double quotes
  - Content like `"Bot QM"` is now properly escaped and passed to the CLI without truncation
  - Internal double quotes are escaped as `\"` before being wrapped in parameter quotes
  - Prevents shell from misinterpreting quote boundaries in parameter values
  - Affects all tools that pass content: create, append, prepend, search queries, etc.
## [1.1.0] - 2026-04-10
### Fixed
- **Square Brackets Preservation**: Fixed critical bug where square brackets `[` and `]` were being removed from note content during sanitization
  - Wikilinks (`[[link]]`) now work correctly when creating or modifying notes
  - Task checkboxes (`- [ ] Task` and `- [x] Done`) are properly preserved
  - Array notation and date formats with brackets are no longer corrupted
  - Security: Square brackets are safe because parameter values are quoted and passed as array arguments to the CLI
  - All dangerous shell metacharacters (`;`, `|`, `$()`, backticks, etc.) are still properly blocked
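
The validate-then-quote behaviour described in the 1.1.0 to 1.1.2 fixes, sketched as an added example that is not the project's code. The pattern list, function names and sample inputs are assumptions, and the backslash escaping goes beyond what the changelog states.

```javascript
// Added example: hypothetical names, not the project's implementation.
// Operators the changelog says stay blocked: &&, ;, |, $( and backticks.
const BLOCKED_PATTERNS = [
  { name: "&&", re: /&&/ },
  { name: ";", re: /;/ },
  { name: "|", re: /\|/ },
  { name: "$(", re: /\$\(/ },
  { name: "`", re: /`/ },
];

// Return the name of the first blocked operator found in value, or null.
function findInjection(value) {
  for (const { name, re } of BLOCKED_PATTERNS) {
    if (re.test(value)) return name;
  }
  return null;
}

// Wrap a value in double quotes, escaping inner quotes as \" (the 1.1.1 fix).
// Backslashes are escaped first so an input ending in "\" cannot swallow the
// closing quote; that step is an assumption the changelog does not mention.
function quoteParam(value) {
  return '"' + value.replace(/\\/g, "\\\\").replace(/"/g, '\\"') + '"';
}

// Validate, then quote. Rejects instead of stripping characters, so a
// legitimate name is never rewritten into one that does not exist on disk.
function prepareParam(value) {
  if (typeof value !== "string" || value.length === 0) {
    throw new TypeError("parameter must be a non-empty string");
  }
  const hit = findInjection(value);
  if (hit !== null) {
    throw new Error(`blocked shell operator ${JSON.stringify(hit)}`);
  }
  return quoteParam(value);
}

// Constructed sample inputs: three legitimate values, two rejected ones.
const SAMPLES = [
  "Research & Development.md",
  'say "Bot QM"',
  "[[link]] - [ ] Task (x) {y}",
  "a.md && echo injected",
  "$(echo injected).md",
];

// Run every sample through prepareParam and record accept/reject.
function classify(samples) {
  return samples.map((s) => {
    try { return { input: s, ok: true, out: prepareParam(s) }; }
    catch (e) { return { input: s, ok: false, out: e.message }; }
  });
}

console.log(classify(SAMPLES));
```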
## [Unreleased]
### Planned
- Additional vault navigation tools (User Story 4 - deferred)
- Advanced features like templates and daily notes (User Story 5 - deferred)
- Performance optimizations for large vaults
- Expanded test coverage
- Multi-vault support enhancements
---
## Version History
- **1.1.2** - Bug fix release: Ampersand support in filenames (fixes #2)
- **1.1.1** - Bug fix release: Quote escaping in note content
- **1.1.0** - Bug fix release: Square brackets preservation in note content
- **1.0.0** - Initial release with 28 MCP tools across 3 user stories
  - File Operations (8 tools)
  - Search & Discovery (12 tools)
  - Task & Property Management (8 tools)
[1.1.2]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.1.2
[1.1.1]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.1.1
[1.1.0]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.1.0
[1.0.0]: https://github.com/yourusername/obsidian-mcp/releases/tag/v1.0.0