v1.3.1: 安全漏洞修复

xt765 · xt765 · commit 5785cf7e9ce1 · 2026-03-13T10:24:59.000+08:00
安全修复: - 升级 pypdf>=6.8.0，修复 CVE-2026-28804 - 修复 ASCIIHexDecode 流解码效率问题，防止 DoS 攻击 变更: - pypdf>=6.7.4 → pypdf>=6.8.0
diff --git a/README.md b/README.md
@@ -205,7 +205,7 @@ Read any supported document type.
 ### Core Dependencies
 - `mcp` >= 1.26.0 - MCP protocol implementation
 - `python-docx` >= 1.2.0 - DOCX file reading
-- `pypdf` >= 6.7.4 - PDF file reading (replaces PyPDF2)
+- `pypdf` >= 6.8.0 - PDF file reading (replaces PyPDF2)
 - `openpyxl` >= 3.1.5 - Excel file reading
 
 ### Development Dependencies
diff --git a/README.zh-CN.md b/README.zh-CN.md
@@ -205,7 +205,7 @@ if DocumentReaderFactory.is_supported("file.xlsx"):
 ### 核心依赖
 - `mcp` >= 1.26.0 - MCP 协议实现
 - `python-docx` >= 1.2.0 - DOCX 文件读取
-- `pypdf` >= 6.7.4 - PDF 文件读取（替代 PyPDF2）
+- `pypdf` >= 6.8.0 - PDF 文件读取（替代 PyPDF2）
 - `openpyxl` >= 3.1.5 - Excel 文件读取
 
 ### 开发依赖
diff --git a/docs/en/CHANGELOG.md b/docs/en/CHANGELOG.md
@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.1] - 2026-03-13
+
+### Security Fixes
+
+- **pypdf Security Vulnerability**: Upgraded pypdf>=6.8.0, fixing CVE-2026-28804
+  - Fixed inefficient decoding of ASCIIHexDecode streams, preventing DoS attacks
+
+### Changed
+
+- **Dependency Upgrades**:
+  - pypdf>=6.7.4 → pypdf>=6.8.0
+
 ## [1.3.0] - 2025-03-10
 
 ### Changed
diff --git a/docs/zh/CHANGELOG.md b/docs/zh/CHANGELOG.md
@@ -5,6 +5,18 @@
 格式基于 [Keep a Changelog](https://keepachangelog.com/zh-CN/1.0.0/)，
 本项目遵循 [语义化版本](https://semver.org/lang/zh-CN/)。
 
+## [1.3.1] - 2026-03-13
+
+### 安全修复
+
+- **pypdf 安全漏洞**：升级 pypdf>=6.8.0，修复 CVE-2026-28804
+  - 修复 ASCIIHexDecode 流解码效率问题，防止 DoS 攻击
+
+### 变更
+
+- **依赖升级**：
+  - pypdf>=6.7.4 → pypdf>=6.8.0
+
 ## [1.3.0] - 2025-03-10
 
 ### 变更
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "mcp-documents-reader"
-version = "1.3.0"
+version = "1.3.1"
 description = "An MCP enabled multi-format document reader supporting DOCX, PDF, TXT, and Excel files"
 keywords = ["mcp", "model-context-protocol", "document-reader", "pdf", "docx", "excel"]
 authors = [
@@ -11,7 +11,7 @@ requires-python = ">=3.10"
 dependencies = [
   "mcp>=1.26.0",
   "python-docx>=1.2.0",
-  "pypdf>=6.7.4",
+  "pypdf>=6.8.0",
   "openpyxl>=3.1.5",
   "typing_extensions>=4.15.0"
 ]
diff --git a/server.json b/server.json
@@ -3,7 +3,7 @@
   "name": "io.github.xt765/mcp_documents_reader",
   "title": "MCP Document Reader",
   "description": "An MCP enabled multi-format document reader supporting DOCX, PDF, TXT, and Excel files",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "license": "MIT",
   "authors": [
     {
@@ -25,7 +25,7 @@
     {
       "registryType": "pypi",
       "identifier": "mcp-documents-reader",
-      "version": "1.3.0",
+      "version": "1.3.1",
       "transport": {
         "type": "stdio"
       }
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`"name": "io.github.xt765/mcp_documents_reader",`
`4`	`4`	`"title": "MCP Document Reader",`
`5`	`5`	`"description": "An MCP enabled multi-format document reader supporting DOCX, PDF, TXT, and Excel files",`
`6`		`- "version": "1.3.0",`
	`6`	`+ "version": "1.3.1",`
`7`	`7`	`"license": "MIT",`
`8`	`8`	`"authors": [`
`9`	`9`	`{`
`@@ -25,7 +25,7 @@`
`25`	`25`	`{`
`26`	`26`	`"registryType": "pypi",`
`27`	`27`	`"identifier": "mcp-documents-reader",`
`28`		`- "version": "1.3.0",`
	`28`	`+ "version": "1.3.1",`
`29`	`29`	`"transport": {`
`30`	`30`	`"type": "stdio"`
`31`	`31`	`}`