Security: Change default HOST from 0.0.0.0 to 127.0.0.1

## Problem

`HOST` defaults to `0.0.0.0`, binding the server to all network interfaces. This allows anyone on the same network to access the MCP server and your `GITLAB_TOKEN`.

**Affected:** [`src/config.ts`](https://github.com/structured-world/gitlab-mcp/blob/main/src/config.ts#L332)

```ts
export const HOST = process.env.HOST ?? "0.0.0.0"; // should be "127.0.0.1"
```

## Fix

Change the default to `127.0.0.1`. Docker users can still set `HOST=0.0.0.0` explicitly.

**Files to change:**

- `src/config.ts`: change default value
- `tests/unit/config.test.ts`: update expected value in test

## Reference

This was already fixed in the upstream repo: [zereight/gitlab-mcp#289](https://github.com/zereight/gitlab-mcp/pull/289)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Change default HOST from 0.0.0.0 to 127.0.0.1 #333

Problem

Fix

Reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: Change default HOST from 0.0.0.0 to 127.0.0.1 #333

Description

Problem

Fix

Reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions