chore: bump version to 0.9.3 with security fix

salacoste · claude · salacoste · commit b9d1d7108bc8 · 2025-12-27T19:12:05.000+03:00
Security Release: - Fixed critical security issue from 0.9.2 (exposed API key) - Removed log files from npm package - Updated changelog to document security fix ⚠️ IMPORTANT: Versions 0.9.1 and 0.9.2 were unpublished due to security issue 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,25 @@ All notable changes to the n8n Workflow Builder MCP Server will be documented in
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.9.2] - 2025-12-27
+## [0.9.3] - 2025-12-27
+
+### Security Fix 🔒
+**CRITICAL: Removed sensitive log files from npm package**
+
+### Fixed
+- **SECURITY**: Prevented `server.log` and other log files from being published to npm
+- **SECURITY**: Added `*.log` to `.npmignore` to block all log files
+- **SECURITY**: Unpublished versions 0.9.1 and 0.9.2 that contained sensitive data
+
+### Changed
+- **Package size reduced** - 653.2 KB (down from 699 KB) by excluding log files
+- **File count reduced** - 200 files (down from 201)
+
+⚠️ **IMPORTANT**: If you downloaded version 0.9.1 or 0.9.2, please rotate your n8n API key immediately as it may have been exposed.
+
+## [0.9.2] - 2025-12-27 [YANKED]
+
+**⚠️ This version was unpublished due to security issue (exposed API key in server.log)**
 
 ### Documentation & Discoverability
 **Enhanced npm package metadata and documentation integration**
diff --git a/docs/about/changelog.md b/docs/about/changelog.md
@@ -5,7 +5,25 @@ All notable changes to the n8n Workflow Builder MCP Server will be documented in
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.9.2] - 2025-12-27
+## [0.9.3] - 2025-12-27
+
+### Security Fix 🔒
+**CRITICAL: Removed sensitive log files from npm package**
+
+### Fixed
+- **SECURITY**: Prevented `server.log` and other log files from being published to npm
+- **SECURITY**: Added `*.log` to `.npmignore` to block all log files
+- **SECURITY**: Unpublished versions 0.9.1 and 0.9.2 that contained sensitive data
+
+### Changed
+- **Package size reduced** - 653.2 KB (down from 699 KB) by excluding log files
+- **File count reduced** - 200 files (down from 201)
+
+⚠️ **IMPORTANT**: If you downloaded version 0.9.1 or 0.9.2, please rotate your n8n API key immediately as it may have been exposed.
+
+## [0.9.2] - 2025-12-27 [YANKED]
+
+**⚠️ This version was unpublished due to security issue (exposed API key in server.log)**
 
 ### Documentation & Discoverability
 **Enhanced npm package metadata and documentation integration**
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@kernel.salacoste/n8n-workflow-builder",
-  "version": "0.9.2",
+  "version": "0.9.3",
   "description": "AI-powered n8n workflow management via Model Context Protocol (MCP). Create, manage, and monitor workflows through natural language with Claude AI. Multi-instance support with comprehensive documentation.",
   "scripts": {
     "clean": "rm -rf build",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@kernel.salacoste/n8n-workflow-builder",`
`3`		`- "version": "0.9.2",`
	`3`	`+ "version": "0.9.3",`
`4`	`4`	`"description": "AI-powered n8n workflow management via Model Context Protocol (MCP). Create, manage, and monitor workflows through natural language with Claude AI. Multi-instance support with comprehensive documentation.",`
`5`	`5`	`"scripts": {`
`6`	`6`	`"clean": "rm -rf build",`