Changelog
All notable changes to the PostgreSQL MCP Server project are documented here.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Status: Production/Stable - Security & Python 3.13 Update 🔒
Docker Image: writenotenow/postgres-mcp-enhanced:v1.1.1
PyPI Package: postgres-mcp-enhanced v1.1.1
Fixed 3 HIGH severity CVEs:
- urllib3 upgraded to v2.6.0 (fixed CVE-2025-66471, CVE-2025-66418)
  - CVE-2025-66471: Improper handling of highly compressed data (CVSS 8.9)
  - CVE-2025-66418: Allocation of resources without limits (CVSS 8.9)
- mcp upgraded to v1.23.1 (fixed CVE-2025-66416)
  - CVE-2025-66416: Initialization of resource with insecure default (CVSS 7.6)
- All Python dependencies patched to latest secure versions
- Docker images now use Python 3.13 (aligned with SQLite MCP Server)
- Performance improvements from Python 3.13 enhancements (~10% faster)
- Local development supports Python 3.12, 3.13, and 3.14
- CI/CD pipelines updated to Python 3.13
- Type checking maintained with full compatibility
Major updates include:
- humanize: 4.8.0 → 4.14.0
- psycopg: 3.2.6 → 3.3.2
- psycopg-pool: 3.2.6 → 3.3.0
- instructor: 1.7.9 → 1.13.0
- starlette: 0.49.1 → 0.50.0
- aiohttp: Updated with security patches
- requests: 2.32.4 → 2.32.5
- Plus 40+ other dependency updates
- Regenerated uv.lock for Python 3.13 compatibility
- Updated all configuration files (.python-version, pyrightconfig.json, etc.)
- Fixed pytest-asyncio configuration for async tests
- Enhanced CI/CD workflows for Python 3.13
- Maintained 100% backward compatibility
- All 153 tests passing
- Zero linter errors maintained
- Pyright strict mode compliance preserved
- Docker build verified on Python 3.13
- Multi-platform support (amd64, arm64) confirmed
- Security: Eliminated all known HIGH severity vulnerabilities in Python dependencies
- Performance: ~10% performance improvement from Python 3.13
- Compatibility: Drop-in replacement, no breaking changes
- Consistency: Both PostgreSQL and SQLite MCP servers now on Python 3.13
- Updated README with Python 3.13 support information
- Updated installation guides for Python version requirements
- Added security patch notes to release documentation
Status: Production/Stable - Major Release
Docker Image: writenotenow/postgres-mcp-enhanced:v1.1.0
PyPI Package: postgres-mcp-enhanced v1.1.0
Real-time database meta-awareness that AI can access automatically:
- database://schema - Instant access to all tables, columns, types, and indexes
- database://capabilities - Available extensions, features, and pg_stat_statements status
- database://performance - Top queries, cache hit rates, slow queries
- database://health - Connection pool, indexes, vacuum status
- database://extensions - pgvector, PostGIS, hypopg availability with versions
- database://indexes - Usage statistics, size, recommendations
- database://connections - Active connections, utilization, pool status
- database://replication - Replication lag and health monitoring
- database://vacuum - Bloat, last vacuum/analyze times, transaction ID status
- database://locks - Active locks, blocking queries, deadlock detection
- database://statistics - Table statistics quality and staleness
Guided workflows for complex operations:
- optimize_query - Step-by-step query optimization workflow
- index_tuning - Comprehensive index recommendations and analysis
- database_health_check - Full health assessment workflow
- setup_pgvector - Complete vector search setup guide
- setup_postgis - Complete geospatial setup guide
- json_operations - JSONB best practices and optimization guide
- performance_baseline - Establish performance baselines
- backup_strategy - Comprehensive backup planning
- extension_setup - Step-by-step extension installation
- explain_analyze_workflow - Deep dive query analysis
- Intelligent Assistant: Transformed from tool collection to database expert with proactive optimization suggestions
- Type Safety: Resolved 2,000+ type issues for 100% type-safe codebase
- Code Quality: Achieved Pyright strict mode compliance
- Zero Linter Errors: Clean codebase with comprehensive type checking
- Enhanced Reliability: Improved error handling and edge case management
- Implemented intelligent context-aware recommendations
- Added PostgreSQL-specific best practices integration
- Reduced token usage through cached context via resources
- Enhanced maintainability through comprehensive type coverage
- ✅ Zero Breaking Changes - All existing tools work unchanged
- All 63 tools from v1.0.x remain fully functional
- Backward compatible with all v1.0.x configurations
Status: Production/Stable - First Stable Release 🎉
Docker Image: writenotenow/postgres-mcp-enhanced:v1.0.0
PyPI Package: postgres-mcp-enhanced v1.0.0
- Production Ready: Enterprise-grade PostgreSQL MCP server
- 63 Specialized Tools: Complete feature set across 9 categories
- Multi-Platform Support: Windows, Linux, macOS (amd64, arm64)
- Comprehensive Documentation: 16-page wiki with examples and guides
- ✅ Zero Known Vulnerabilities - Comprehensive security audit passed
- ✅ SQL Injection Prevention - All queries use parameter binding
- ✅ 20+ Security Tests - All attack vectors covered
- ✅ CodeQL Scanning - Continuous security monitoring
- ✅ Dual Security Modes - Restricted (production) and unrestricted (development)
- ✅ Type Safety - Pyright strict mode compliance
- ✅ Clean Codebase - Zero linter errors
- ✅ Comprehensive Testing - 90%+ test coverage
- ✅ PostgreSQL 13-18 - Full version compatibility
Pre-release Development Phase
- backup_create_plan - Create comprehensive backup strategies
- backup_validate_restore - Validate backup integrity
- backup_analyze_schedule - Analyze and optimize backup schedules
- backup_estimate_resources - Estimate backup resource requirements

- monitor_database_health - Real-time health monitoring
- monitor_query_performance - Query performance tracking
- monitor_connection_pool - Connection pool monitoring
- monitor_capacity_planning - Capacity forecasting
- monitor_alert_thresholds - Configure alerting thresholds
- All 63 tools operational and tested
- Ruff formatting and linting passing
- Integration tests passing
Pre-release Development Phase
- vector_store_embedding - Store vector embeddings with pgvector
- vector_similarity_search - Semantic similarity search
- vector_cosine_similarity - Calculate cosine similarity
- vector_euclidean_distance - Calculate Euclidean distance
- vector_inner_product - Calculate inner product
- vector_dimension_reduce - Dimensionality reduction
- vector_cluster_kmeans - K-means clustering
- vector_index_create - Create vector indexes (IVFFlat, HNSW)

- geo_calculate_distance - Distance between coordinates
- geo_within_radius - Points within radius search
- geo_create_point - Create PostGIS point geometries
- geo_create_polygon - Create PostGIS polygon geometries
- geo_spatial_index - Create spatial indexes
- geo_transform_coordinates - Coordinate system transformation
- geo_spatial_join - Spatial relationship joins
- pgvector v0.8.0 - Full vector operations support
- PostGIS v3.5.0 - Complete geospatial capabilities
- Graceful Degradation - Informative errors for missing extensions
Pre-release Development Phase
- stats_descriptive - Mean, median, mode, std dev, variance
- stats_correlation - Pearson/Spearman correlation analysis
- stats_regression_linear - Linear regression modeling
- stats_time_series_analysis - Time series trend analysis
- stats_percentiles - Calculate percentiles and quartiles
- stats_distribution_analysis - Distribution shape analysis
- stats_outlier_detection - Statistical outlier identification
- stats_hypothesis_test - T-tests and chi-square tests

- performance_analyze_query - EXPLAIN ANALYZE with insights
- performance_suggest_indexes - DTA algorithm-based recommendations
- performance_analyze_workload - Workload pattern analysis
- performance_test_hypothetical_index - HypoPG integration
- performance_buffer_cache_analysis - Cache hit ratio analysis
- performance_query_plan_comparison - Compare execution plans
- Microsoft SQL Server-inspired DTA (Database Tuning Advisor) algorithm
- HypoPG integration for zero-risk index testing
- Real-time analytics via pg_stat_statements
- 99%+ accuracy buffer cache monitoring
Pre-release Development Phase
- text_similarity_trigram - Trigram-based similarity matching
- text_search_full_text - PostgreSQL full-text search
- text_fuzzy_match - Levenshtein distance matching
- text_soundex - Soundex phonetic matching
- text_metaphone - Metaphone phonetic algorithm
- text_create_tsvector - Create full-text search vectors

- json_validate - JSONB schema validation
- json_extract - Extract values from JSONB
- json_query - Query JSONB with path expressions
- json_update - Update JSONB values
- json_merge - Deep merge JSONB objects
- json_diff - Compare JSONB structures
- json_array_operations - Array manipulation
- json_keys - Extract all keys from JSONB
- json_transform - Transform JSONB structure
- json_security_scan - Scan for security issues
- json_validate_email - Email validation in JSONB
- json_validate_url - URL validation in JSONB
- json_extract_nested - Deep nested value extraction
- json_flatten - Flatten nested JSONB
- json_schema_validate - JSON schema compliance
- Comprehensive JSONB operation support
- Advanced validation and security scanning
- Performance-optimized queries
Pre-release Development Phase - Initial Release
- list_tables - List all tables in database
- describe_table - Get table schema details
- execute_query - Execute SELECT queries safely
- get_table_row_count - Get accurate row counts
- list_indexes - List table indexes
- list_foreign_keys - List foreign key relationships
- check_database_health - Database health check
- list_extensions - List installed PostgreSQL extensions
- analyze_table_stats - Table statistics analysis
- SQL injection prevention via parameter binding
- Input validation framework
- Query sanitization
- Restricted mode implementation
- Docker support with multi-platform builds (amd64, arm64)
- PyPI package distribution
- MCP protocol integration
- Connection pooling with psycopg3
- Comprehensive error handling
- Unit test framework
- Integration tests
- Security test suite
- CI/CD pipeline setup
| Version | Release Date | Type | Highlights |
|---|---|---|---|
| 1.1.1 | 2025-12-06 | Security | 🔒 3 HIGH CVEs fixed, Python 3.13, 50+ deps updated |
| 1.1.0 | 2025-10-04 | Major | Resources, Prompts, Intelligent Assistant |
| 1.0.0 | 2025-10-03 | Major | Production release, 63 tools |
| Phase 5 | 2025-10-03 | Dev | Backup & Monitoring (9 tools) |
| Phase 4 | 2025-10-03 | Dev | Vector & Geospatial (15 tools) |
| Phase 3 | 2025-10-03 | Dev | Stats & Performance (14 tools) |
| Phase 2 | 2025-10-02 | Dev | Text & JSON (21 tools) |
| Phase 1 | 2025-10-01 | Dev | Core Database (9 tools) |
| Category | Count | Status |
|---|---|---|
| Core Database | 9 | ✅ Stable |
| JSON Operations | 15 | ✅ Stable |
| Text Processing | 6 | ✅ Stable |
| Statistical Analysis | 8 | ✅ Stable |
| Performance Intelligence | 6 | ✅ Stable |
| Vector/Semantic Search | 8 | ✅ Stable |
| Geospatial Operations | 7 | ✅ Stable |
| Backup & Recovery | 4 | ✅ Stable |
| Monitoring & Alerting | 5 | ✅ Stable |
| Total | 63 | ✅ Production |
| Resource | Added | Status |
|---|---|---|
| database://schema | v1.1.0 | ✅ Stable |
| database://capabilities | v1.1.0 | ✅ Stable |
| database://performance | v1.1.0 | ✅ Stable |
| database://health | v1.1.0 | ✅ Stable |
| database://extensions | v1.1.0 | ✅ Stable |
| database://indexes | v1.1.0 | ✅ Stable |
| database://connections | v1.1.0 | ✅ Stable |
| database://replication | v1.1.0 | ✅ Stable |
| database://vacuum | v1.1.0 | ✅ Stable |
| database://locks | v1.1.0 | ✅ Stable |
| database://statistics | v1.1.0 | ✅ Stable |
| Prompt | Added | Status |
|---|---|---|
| optimize_query | v1.1.0 | ✅ Stable |
| index_tuning | v1.1.0 | ✅ Stable |
| database_health_check | v1.1.0 | ✅ Stable |
| setup_pgvector | v1.1.0 | ✅ Stable |
| setup_postgis | v1.1.0 | ✅ Stable |
| json_operations | v1.1.0 | ✅ Stable |
| performance_baseline | v1.1.0 | ✅ Stable |
| backup_strategy | v1.1.0 | ✅ Stable |
| extension_setup | v1.1.0 | ✅ Stable |
| explain_analyze_workflow | v1.1.0 | ✅ Stable |
| Python Version | Docker | PyPI Package | Local Dev | Status |
|---|---|---|---|---|
| 3.14 | ❌ | ✅ Supported | ✅ Tested | Latest |
| 3.13 | ✅ Default | ✅ Supported | ✅ Tested | Recommended |
| 3.12 | ❌ (was default) | ✅ Supported | ✅ Tested | Supported |
| 3.11 and below | ❌ | ❌ | ❌ | Not Supported |
Notes:
- Docker images use Python 3.13 (as of v1.1.1)
- PyPI package supports Python 3.12, 3.13, and 3.14
- Python 3.13 recommended for best performance (~10% faster than 3.12)
| PostgreSQL Version | Support Status | Notes |
|---|---|---|
| 18 | ✅ Full Support | Latest version |
| 17 | ✅ Full Support | |
| 16 | ✅ Full Support | |
| 15 | ✅ Full Support | |
| 14 | ✅ Full Support | |
| 13 | ✅ Full Support | Minimum version |
| 12 and below | ❌ Not Supported | Please upgrade |
| Extension | Required | Version | Features |
|---|---|---|---|
| pg_stat_statements | Recommended | Built-in | Query performance tracking |
| pg_trgm | Recommended | Built-in | Text similarity search |
| fuzzystrmatch | Recommended | Built-in | Fuzzy string matching |
| hypopg | Optional | Latest | Hypothetical index testing |
| pgvector | Optional | v0.8.0+ | Vector similarity search |
| PostGIS | Optional | v3.5.0+ | Geospatial operations |
| Platform | Architecture | Status | Notes |
|---|---|---|---|
| Linux | amd64 | ✅ Full Support | Primary platform |
| Linux | arm64 | ✅ Full Support | |
| macOS | amd64 | ✅ Full Support | Intel Macs |
| macOS | arm64 | ✅ Full Support | Apple Silicon |
| Windows | amd64 | ✅ Full Support | WSL2 recommended |
| Channel | Status | Link |
|---|---|---|
| Docker Hub | ✅ Active | writenotenow/postgres-mcp-enhanced |
| PyPI | ✅ Active | postgres-mcp-enhanced |
| MCP Registry | ✅ Active | Official Listing |
| GitHub Releases | ✅ Active | Releases |
This is a drop-in replacement with no breaking changes:
Docker users:
```bash
# Pull the latest image with Python 3.13
docker pull writenotenow/postgres-mcp-enhanced:v1.1.1
# Update your docker-compose.yml or configuration to use v1.1.1
```
Python/pip users:
```bash
# Upgrade to latest version
pip install --upgrade postgres-mcp-enhanced
# Works with Python 3.12, 3.13, or 3.14
```
What changes:
- ✅ Docker now uses Python 3.13 (was 3.12)
- ✅ 3 HIGH severity CVEs are fixed
- ✅ 50+ dependencies updated
- ✅ ~10% performance improvement
What stays the same:
- ✅ All 63 tools work identically
- ✅ All APIs and configurations unchanged
- ✅ 100% backward compatible
All v1.0.x tools remain fully functional. You gain:
- ✨ 10 new MCP Resources for database meta-awareness
- ✨ 10 new MCP Prompts for guided workflows
- ✨ Enhanced AI assistant capabilities
- ✨ Improved performance and stability
No breaking changes - Upgrade with confidence!
As of v1.1.1, there are zero known security vulnerabilities in the PostgreSQL MCP Server.
All security advisories and updates are documented in this section:
3 HIGH severity vulnerabilities fixed:
- urllib3 CVE-2025-66471 (CVSS 8.9 - HIGH)
  - Issue: Improper handling of highly compressed data (data amplification attack)
  - Fixed in: urllib3 v2.6.0 (upgraded from v2.5.0)
  - Impact: Could lead to denial of service via compressed payloads
- urllib3 CVE-2025-66418 (CVSS 8.9 - HIGH)
  - Issue: Allocation of resources without limits or throttling
  - Fixed in: urllib3 v2.6.0 (upgraded from v2.5.0)
  - Impact: Resource exhaustion attacks possible
- mcp CVE-2025-66416 (CVSS 7.6 - HIGH)
  - Issue: Initialization of resource with insecure default
  - Fixed in: mcp v1.23.1 (upgraded from v1.16.0)
  - Impact: Potential security bypass in default configurations
Additional security updates:
- Updated starlette to v0.50.0 (CVE-2025-62727, CVE-2025-54121)
- Updated aiohttp to v3.13.2 (CVE-2025-53643)
- Updated requests to v2.32.5 (CVE-2024-47081)
- Upgraded 50+ dependencies to latest secure versions
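To confirm that a deployed environment actually carries these fixes, the pinned versions can be compared against the versions listed above. The following is an added example, not part of the project's code: the function names and the sample `pip freeze` text are constructed for illustration, and the version comparison is a simplified numeric one that ignores pre-release suffixes.

```python
import re

# Versions this changelog's v1.1.1 security notes list as carrying the fixes.
PATCHED_MINIMUMS = {
    "urllib3": ("2.6.0", ["CVE-2025-66471", "CVE-2025-66418"]),
    "mcp": ("1.23.1", ["CVE-2025-66416"]),
    "starlette": ("0.50.0", ["CVE-2025-62727", "CVE-2025-54121"]),
    "aiohttp": ("3.13.2", ["CVE-2025-53643"]),
    "requests": ("2.32.5", ["CVE-2024-47081"]),
}

# Constructed sample: a partly upgraded `pip freeze`; the old versions are
# the pre-upgrade ones named in this changelog.
SAMPLE_FREEZE = """\
urllib3==2.5.0
mcp==1.16.0
Starlette==0.49.1
requests==2.32.4
aiohttp==3.13.2
psycopg==3.3.2
"""


def normalize(name):
    """PEP 503 normalization so 'Starlette' and 'starlette' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Numeric release tuple padded to 4 parts; pre-release suffixes are ignored."""
    release = re.match(r"\d+(?:\.\d+)*", version)
    if release is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in release.group().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def audit(freeze_text):
    """Return (name, pinned, minimum, cves) for tracked packages below the minimum."""
    pinned = {}
    for line in freeze_text.splitlines():
        match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;#]+)", line)
        if match:
            pinned[normalize(match.group(1))] = match.group(2)
    findings = []
    for name, (minimum, cves) in PATCHED_MINIMUMS.items():
        found = pinned.get(name)
        if found is not None and version_key(found) < version_key(minimum):
            findings.append((name, found, minimum, cves))
    return findings


if __name__ == "__main__":
    for name, found, minimum, cves in audit(SAMPLE_FREEZE):
        print(f"{name} {found} < {minimum}: {', '.join(cves)}")
```

Packages missing from the listing are skipped rather than flagged, so run it against the full freeze output of the environment or image being checked.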
Report security vulnerabilities to: admin@adamic.tech
No known critical issues.
- ✅ [v1.1.1] Connection pool edge case under high load
- ✅ [v1.1.1] Resource caching behavior in certain scenarios
- ✅ [v1.1.0] Type annotation coverage (2,000+ issues resolved)
Currently, there are no deprecated features.
The PostgreSQL MCP Server maintains backward compatibility across all releases. All tools, resources, and prompts introduced in previous versions continue to be fully supported.
- 📚 Wiki Documentation - Comprehensive guides
- 🔍 AI Search - Natural language search across all tools
- 💬 GitHub Discussions - Community Q&A
- 🐛 GitHub Issues - Bug reports
Contributions are welcome! See our Contributing Guide.
- Maintenance releases (patch versions): As needed for bug fixes and security updates
- Feature releases (minor versions): Quarterly, with new tools and capabilities
- Major releases (major versions): Annually, with significant architectural changes
This project is licensed under the MIT License - see the LICENSE file for details.
Special thanks to:
- The PostgreSQL community for the incredible database
- The Model Context Protocol team for the MCP framework
- All contributors and users who provided feedback and bug reports
- The maintainers of pgvector, PostGIS, and HypoPG extensions
⭐ If you find this project useful, please star it on GitHub!
Enterprise-grade PostgreSQL MCP server with comprehensive security, real-time analytics, and AI-native operations.