@cardano402/mcp-server 0.1.2 fixes three security vulnerabilities
What changed
Three security vulnerabilities were fixed in @cardano402/mcp-server@0.1.2: no spending limits on signed payments, HTTP transport binding 0.0.0.0 without authentication, and SSRF via catalog.server.url.
Who it affects
Users of @cardano402/mcp-server versions <= 0.1.1, especially those using HTTP transport or connecting to untrusted catalogs.
What to do today
Upgrade to version 0.1.2 immediately. If upgrade is not possible, apply workarounds: use stdio transport, only use trusted catalogs, use a low-balance hot wallet, and avoid MAINNET=true.