
Release to address the mammoth vulnerability?

Open cjellick opened this issue 1 month ago • 2 comments

Hi. I see you upgraded the mammoth dependency here: https://github.com/microsoft/markitdown/pull/1452

I'm assuming that's to address this CVE: https://avd.aquasec.com/nvd/2025/cve-2025-11849/

Are you planning to cut a release for it, and if so, do you plan to also cut a release of the MCP server? It has not had a release since May (0.0.1a4), whereas the main project was most recently released in August (0.1.3).

cjellick, Nov 04 '25 21:11

We would also appreciate a fix for this issue.

MatanCaspi, Nov 05 '25 07:11

+1. Please consider a new release so I can fix this vulnerability in my team's project.

C8H17OH, Nov 21 '25 08:11

The upgraded dependency is now available in maintenance release 0.1.4.

I plan a larger release later this month as work on other projects slows for the holidays.

afourney, Dec 02 '25 17:12