Skip to content

MCP Gateway v0.5.0 - 2025-08-06 - Enterprise Operability, Auth, Configuration & Observability

Latest
Latest
Compare
Choose a tag to compare
@crivetimihai crivetimihai released this 05 Aug 23:36
· 30 commits to main since this release
v0.5.0
0587f24
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

This enterprise-focused release delivers 42 resolved issues with major improvements to authentication, configuration management, error handling, and developer experience. Building on v0.4.0's security foundation, v0.5.0 brings enhanced JWT security, comprehensive UI/UX improvements, and strengthened input validation across all endpoints.

🏆 Enterprise Operability Achievements

This release enhances production readiness with:

  • Enhanced JWT Security – Mandatory token expiration enforcement when configured
  • Masked Sensitive Data – Authentication credentials properly hidden in API responses
  • Improved Error Handling – User-friendly messages with actionable guidance
  • Better Observability – Enhanced status reporting and service visibility
  • Developer Productivity – File-specific linting and comprehensive Makefile improvements
  • Stronger Validation – XSS prevention and input validation across all endpoints

Important: Admin UI remains development-only with enhanced security defaults. Never expose it in production. Build your own production UI with appropriate security controls. Refer to the Securing MCP Gateway documentation.
Beta Software Notice: MCP Gateway is in early beta. Expect breaking changes between minor versions. Use only with trusted upstream MCP servers. This is an OPEN SOURCE PROJECT with community-driven support and no official support from IBM. Please refer to SECURITY.md and our Roadmap for more info.

✨ Highlights

  • 🔐 JWT Token Security – Mandatory expiration when REQUIRE_TOKEN_EXPIRATION=true (#425)
  • 🎭 Masked Auth Values – Sensitive credentials hidden in all API responses (#601, #602)
  • 🧪 Enhanced Test Tool – Default values, array/boolean handling, multiline support (#620-#644)
  • 🛠️ Developer Experience – File-specific linting with make lint filename (#410, #660)
  • 📊 Better Visibility – MCP Server Name column in tools/resources overview (#506, #624)
  • 🔍 Security Scanning – Snyk, DevSkim, and nodejsscan integration (#590, #638, #639)
  • UI Improvements – Checkbox selection, better error messages, form fixes (#392, #619)
  • 📝 SPDX Compliance – Automated file header verification (#315, #317, #656)

🚨 Important Updates

  • UI Enabled by Default.env.example now sets MCPGATEWAY_UI_ENABLED=true for easier onboarding
  • API Docs Authentication – New DOCS_BASIC_AUTH_ENABLED flag for securing documentation endpoints
  • Enhanced Validation – Stricter rules for gateway URLs, tool names, and input parameters
  • Improved Scripts – Consolidated run-gunicorn.sh with better error handling (#397, #430)

🆕 Added

Security & Authentication

  • JWT Token Expiration (#425) – Mandatory expiration with REQUIRE_TOKEN_EXPIRATION=true
  • Masked Credentials (#601, #602) – Auth values hidden in gateway API responses
  • API Docs Auth (#663) – Basic authentication for /docs with DOCS_BASIC_AUTH_ENABLED
  • XSS Prevention (#576) – RPC method validation against injection attacks
  • SPDX Headers (#315, #317, #656) – Automated license compliance checking

Developer Experience

  • File-Specific Linting (#410, #660):

    make lint filename.py     # Lint single file
make lint dirname/        # Lint directory
make lint-changed        # Lint git changes

  • Enhanced Makefile (#365, #397, #507, #597):

    • .PHONY declarations for all targets
    • Prevented multiple server startups
    • Better formatting and organization
    • Consolidated scripts and improved readability

  • Test Tool Enhancements:

    • Default value display (#623, #644)
    • Boolean input fixes (#622)
    • Array input parsing (#620, #641)
    • Multiline text support (#650)

UI/UX Improvements

  • Checkbox Selection (#392, #619) – Multi-select for servers, tools, resources
  • MCP Server Name Column (#506, #624) – Better visibility in global views
  • Connection String Export (#154) – One-click client configuration
  • Time Server Integration (#403, #637) – Added to docker-compose for testing
  • Error Message Clarity (#357, #363, #569, #629, #648) – Actionable validation feedback

Code Quality & Testing

  • Security Scanners:

    • Snyk integration (#638, #639)
    • DevSkim static analysis (#590, #592)
    • nodejsscan for JavaScript (#499)

  • Web Linting (#390, #614) – CI/CD integration with jshint, jscpd, markuplint

  • Package Linters (#615, #616) – check-manifest and pyroma for PyPI compliance

🐛 Fixed

Critical Gateway Issues

  • Gateway ID null in Create API (#521)
  • Duplicate registration bypass (#603, #649)
  • Silent update failures in UI (#630)
  • Invalid URL validation (#578)
  • STREAMABLEHTTP transport validation (#662)
  • GitHub MCP Server registration (#584)

Tool & Resource Handling

  • REST tool update failures (#579)
  • Inconsistent tool name lengths (#631, #651)
  • Long input name reflection (#598)
  • Invalid "STREAMABLE" value (#610)
  • Edit forms not populating (#591, #633, #648)

Authentication & Security

  • Missing auth credentials (#471, #472)
  • Unmasked sensitive data (#601)
  • XSS in RPC methods (#576)

🔄 Changed

Configuration Defaults

  • UI Enabled.env.example sets MCPGATEWAY_UI_ENABLED=true
  • Enhanced Validation – Stricter rules across all inputs
  • Better Scripts – Single run-gunicorn.sh with improved features

Performance & Reliability

  • Improved connection handling and timeouts
  • Better stateful session management
  • Enhanced resource cleanup

📦 Upgrade Instructions

  1. Update your package:

    pip install --upgrade mcp-contextforge-gateway==0.5.0

  2. Review new settings in .env:

    cp .env.example .env
# Check new DOCS_BASIC_AUTH_ENABLED setting

  3. Run database migrations (automatic in Docker/Kubernetes):

    make db-upgrade

🌟 Release Contributors

This release demonstrates strong community growth with 14 new contributors joining the project!

🏆 Top Contributors in 0.5.0

  • Mihai Criveti (@crivetimihai) - Release coordinator, infrastructure, security
  • Madhav Kandukuri (@madhav165) - XSS prevention, validation, security fixes
  • Keval Mahajan (@kevalmahajan) - UI enhancements, test tool improvements
  • Manav Gupta - File-specific linting, Makefile improvements
  • Rakhi Dutta (@rakdutta) - Comprehensive error message improvements
  • Shoumi Mukherjee (@shoummu1) - Array parsing, tool fixes, UI improvements

🎉 New Contributors

  • JimmyLiao - STREAMABLEHTTP transport validation
  • Arnav Bhattacharya - File header verification script
  • Guoqiang Ding - Tool parameter conversion, API docs auth
  • Pascal Roessner - MCP Gateway Name in tools overview
  • Kumar Tiger - Duplicate gateway name fix
  • Shamsul Arefin - JavaScript validation, UUID support
  • Emmanuel Ferdman - Prompt service test fixes
  • Tomas Pilar - Gateway response fixes, auth flags
  • ChrisPC-39 - UI enablement, tool search

💪 Returning Contributors

  • Nayana R Gowda - Redundant expressions, formatting
  • Mohan Lakshmaiah - Tool name consistency
  • Abdul Samad - Continued UI polish
  • Satya - Gateway URL validation

🔗 Resources

Contributors

crivetimihai, madhav165, and 3 other contributors
Assets 2
Loading
0 Join discussion