`MCP Servers` Python workspaces patch multiple security alerts

Security fixes landed across git, fetch, and time workspaces. Worth updating if you run official MCP servers; no product-level feature change.

[ KEY POINTS ]

gitpython moved from 3.1.45 to 3.1.49, closing high-severity command injection paths through Git options validation.
lxml 5.3.0 to 6.1.0 fixes XXE exposure in parser defaults; fetch servers handling untrusted XML should update quickly.
pyjwt 2.10.1 to 2.12.1 closes unknown crit header acceptance across all three Python workspaces.
Verification is solid: uv run pytest passed with 20 fetch, 38 time, and 41 git tests; Windows cleanup errors were preexisting.

Originalgithub.com/modelcontextprotocol/servers/commit/0db9a34071c9b4d7568e4d1508139e3405434e1cRead original →

// related

#0001
#0001Agents & tools Cline Releases41 minutes ago
`Cline CLI` `v3.0.9` speeds up plugin startup and config toggles
50radar
ClineCoding agent CLI — plugin-based automation support
Plugin-heavy CLI sessions start faster. Optimistic TUI updates and cached tool descriptors reduce friction, worth updating if Cline CLI is in daily use.
- Sandboxed plugins now load concurrently, with tool descriptors cached per plugin, provider, and model. Startup latency should drop most in plugin-heavy setups.
- Plugin and tool config toggles update the TUI optimistically and persist without full config reloads. Less waiting while switching tools on and off.
- The @ mention file picker restores fuzzy ranking, so relevant files surface first again. Small fix, but it cuts prompt setup friction.
- Cancelled tasks no longer tear down the interactive session, and abort cleanup failures no longer crash the runtime host.
Source: github.com/cline/cline/releases/tag/cli-v3.0.9Read original →
FIG-0011:1
50radar
FIG-0011:1
#0002
#0002Agents & tools Google AI Forum1 hour ago
`Antigravity` `v2.0.0` Linux build hit by serious usability bugs
50radar
AntigravityAI coding agent IDE — Google-built developer agent tool
The Linux upgrade path is risky: broken window chrome, messy workspace indexing, hidden IDE entry, and leaked processes. Hold upgrades on active projects.
- Closing with the window X leaves background processes alive, locking ports and directories; File -> Quit is the only clean exit path mentioned.
- Workspace indexing creates duplicate virtual folders like Diary 9 and Diary 10, scattering chat history across fake project paths.
- The standalone Agent window has no clear route into the code editor, weakening the unified agent-plus-IDE workflow.
- A third-party patcher exists for native window borders, but needing internal-file patches is not acceptable for a daily coding tool.
Source: discuss.ai.google.dev/t/critical-usability-and-process-lRead original →
FIG-0021:1
50radar
FIG-0021:1
#0003
#0003Agents & tools Google AI Forum2 hours ago
`Antigravity 2.0` installer hijacks existing IDE launcher on Windows
50radar
AntigravityAI coding IDE — Google-backed agent development environment
The installer writes 2.0 into the same Electron resources path as the old IDE. Side-by-side use is broken; Windows users should install separately or keep the workaround ready.
- Antigravity IDE.exe and Antigravity.exe both load resources/app.asar first, so the executable name does not isolate products.
- Existing IDE 1.107.0 files remain on disk, but resources/app/ is shadowed by the new app.asar; the launcher opens 2.0 instead.
- Temporary fix: rename resources\app.asar so the IDE falls back to resources\app\. This disables clean coexistence with 2.0.
- The durable fix is a separate install directory such as %LOCALAPPDATA%\Programs\Antigravity2\, or installer detection before overwriting shared resources.
Source: discuss.ai.google.dev/t/antigravity-2-0-installer-breaksRead original →
FIG-0031:1
50radar
FIG-0031:1

`MCP Servers` Python workspaces patch multiple security alerts

// related

`Cline CLI` `v3.0.9` speeds up plugin startup and config toggles

`Antigravity` `v2.0.0` Linux build hit by serious usability bugs

`Antigravity 2.0` installer hijacks existing IDE launcher on Windows