Skip to content

Commit 778d29f

Browse files
committed
docs: update 1.0.4 release description in roadmap to reflect accurate focus areas
1 parent 1b7b547 commit 778d29f

2 files changed

Lines changed: 12 additions & 23 deletions

File tree

CHANGELOG.md

Lines changed: 11 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -8,14 +8,13 @@
88

99
- Rust MCP runtime sidecar, Rust A2A runtime sidecar, and ValidationMiddleware are deprecated as of 2026-06-11 and will sunset on 2026-07-07. Use the Python MCP transport path, the Python A2A invocation path, and endpoint-level Pydantic or protocol-specific validation instead. See [Deprecations](docs/docs/deprecations.md).
1010

11-
## [1.0.4] - 2026-06-22 - Admin UI Rewrite Completion, Rust Server Migration, Security Fixes, and Build Hardening
11+
## [1.0.4] - 2026-06-22 - Rust Server Migration, Security Fixes, and Build Hardening
1212

1313
### Overview
1414

15-
Release 1.0.4 consolidates **52 PRs** focused on **Admin UI rewrite completion**, **Rust server migration**, **security and auth correctness**, **multi-architecture build hardening**, and **database reliability**. This release brings the rewritten React-based Admin UI to feature parity for tool, user, and virtual server lifecycle management, migrates test servers to Rust, and resolves a broad set of auth, CSRF, login, and container build issues:
15+
Release 1.0.4 consolidates **35+ PRs** focused on **Rust server migration**, **security and auth correctness**, **multi-architecture build hardening**, and **database reliability**. This release migrates test servers to Rust and resolves a broad set of auth, CSRF, login, and container build issues:
1616

17-
- **🖥️ Admin UI Rewrite** - User CRUD (create/edit/delete), Tool details panel with schema viewer, edit, and delete actions, virtual server create/edit/delete flows, REST tool creation form, OAuth post-login tool activation, team visibility tracking, and Users page Playwright test coverage.
18-
- **🔐 Security & Auth** - Keycloak SSO role merging from `access_token`, `client_secret_basic` support for SSO token exchange, CSRF exempt-path fixes, login redirect loop fix, OAuth `auth_type` propagation fix for tool creation, and session-affinity auth context forwarding across workers.
17+
- **🔐 Security & Auth** - Keycloak SSO role merging from `access_token`, `client_secret_basic` support for SSO token exchange, CSRF exempt-path fixes, login redirect loop fix, and OAuth `auth_type` propagation fix for tool creation.
1918
- **🦀 Rust Servers** - Slow-time MCP test server migrated to Rust (breaking binary path change), Rust benchmark server added replacing Go, Rust A2A echo agent added for integration testing.
2019
- **🛡️ FedRAMP / Build** - s390x `rustup` fix, hermetic wheel closure for s390x/ppc64le multiplatform builds, `Containerfile.lite` venv fix, PyPI UI bundle fix, PyO3 and Rust CI dependency updates.
2120
- **🗄️ Database & Performance** - DB connection pool multiplication resolved, lazy log formatting migration across services, tag length made configurable via env vars.
@@ -24,20 +23,6 @@ Release 1.0.4 consolidates **52 PRs** focused on **Admin UI rewrite completion**
2423

2524
### Added
2625

27-
#### **🖥️ Admin UI Rewrite**
28-
29-
- **👤 User Delete** ([#5149](https://github.com/IBM/mcp-context-forge/pull/5149)) – User delete flow in the rewritten Admin UI. Completes user lifecycle management.
30-
- **✏️ User Edit** ([#5184](https://github.com/IBM/mcp-context-forge/pull/5184)) – User edit form in the rewritten Admin UI. Enables inline user profile updates.
31-
- **🔧 REST Tool Creation Form** ([#5137](https://github.com/IBM/mcp-context-forge/pull/5137)) – REST tool creation form in the rewritten UI. Replaces legacy modal with a structured form.
32-
- **🔍 Tools Details View** ([#5194](https://github.com/IBM/mcp-context-forge/pull/5194)) – Tool details side panel with full metadata display. Enables tool inspection without leaving the list.
33-
- **🗂️ Input/Output Schema Dialog** ([#5234](https://github.com/IBM/mcp-context-forge/pull/5234)) – Schema dialog with syntax highlighting for tool input/output schemas. Improves developer ergonomics.
34-
- **🗑️ Delete Tool from Details Panel** ([#5231](https://github.com/IBM/mcp-context-forge/pull/5231)) – Delete tool action directly from the Tools details panel. Reduces navigation steps.
35-
- **✏️ Edit Tools in Details Panel** ([#5283](https://github.com/IBM/mcp-context-forge/pull/5283)) – Edit tool functionality within the ToolDetailPanel. Unifies view and edit into a single panel.
36-
- **🗑️ Virtual Server Delete Flow** ([#5236](https://github.com/IBM/mcp-context-forge/pull/5236)) – Delete flow for virtual servers in the rewritten UI. Completes virtual server lifecycle management.
37-
- **✏️ Edit Virtual Servers** ([#5263](https://github.com/IBM/mcp-context-forge/pull/5263)) – Edit virtual server form in the rewritten UI. Enables in-place server reconfiguration.
38-
- **📋 Virtual Server Source Panels** ([#5122](https://github.com/IBM/mcp-context-forge/pull/5122)) – Updated virtual server source panels. Improves source visibility in the UI.
39-
- **🔑 OAuth Post-Login Tool Activation** ([#5076](https://github.com/IBM/mcp-context-forge/pull/5076)) – Fetch tools and activate MCP server after OAuth completion. Fixes blank tool list after OAuth login.
40-
4126
#### **🔐 Security & Auth**
4227

4328
- **🔑 client_secret_basic SSO Token Exchange** ([#5132](https://github.com/IBM/mcp-context-forge/pull/5132)) – `client_secret_basic` HTTP Basic Auth support for SSO token exchange. Broadens compatibility with OAuth 2.0 compliant identity providers.
@@ -72,6 +57,7 @@ Release 1.0.4 consolidates **52 PRs** focused on **Admin UI rewrite completion**
7257
- **🔒 Docker-Scan Scoped to Merge Queue** ([#5209](https://github.com/IBM/mcp-context-forge/pull/5209)) – Docker vulnerability scan scoped to PR lint + merge-queue gate. Avoids redundant scans on every push.
7358
- **⬛ Hadolint via Docker Image** ([#5259](https://github.com/IBM/mcp-context-forge/pull/5259)) – Hadolint run via Docker image to satisfy org Actions allowlist. Removes dependency on non-allowlisted GitHub Action.
7459
- **⏩ Skip CI for Secrets Baseline Commits** ([#5012](https://github.com/IBM/mcp-context-forge/pull/5012)) – Full CI skipped for `detect-secrets` baseline-only commits. Reduces unnecessary CI load.
60+
- **📌 Pin buildx Version** – Pinned `setup-buildx-action` to a fixed version to avoid Docker Hub rate-limit failures. Prevents intermittent CI build failures from upstream rate limiting.
7561

7662
### Fixed
7763

@@ -81,13 +67,10 @@ Release 1.0.4 consolidates **52 PRs** focused on **Admin UI rewrite completion**
8167
- **🔒 CSRF Exempt Paths** ([#5157](https://github.com/IBM/mcp-context-forge/pull/5157)) – Added missing API paths to `csrf_exempt_paths`; fixed env drift between config and middleware. Prevents spurious CSRF rejections on valid API calls.
8268
- **🔄 Login Redirect Loop** ([#5203](https://github.com/IBM/mcp-context-forge/pull/5203)) – Fixed login redirect loop. Prevents infinite redirect cycle after authentication.
8369
- **🔧 OAuth auth_type Ignored in Tool Creation** ([#5180](https://github.com/IBM/mcp-context-forge/pull/5180)) – OAuth `auth_type` offered in Add Tool form was silently ignored by `POST /tools` and `POST /admin/tools`. Fix propagates auth type through tool creation pipeline.
84-
- **🔑 Session-Affinity Auth Context** ([#5212](https://github.com/IBM/mcp-context-forge/pull/5212)) – Carry edge-validated auth context across cross-worker forwards. Prevents auth context loss during session migration between workers.
8570

86-
#### **🖥️ Admin UI**
71+
#### **🧪 Tests**
8772

88-
- **👥 Team Visibility on Form Submit** ([#5250](https://github.com/IBM/mcp-context-forge/pull/5250)) – Team visibility now always tracks current sidebar team on form submit. Prevents visibility mismatch when switching teams before submitting.
8973
- **🧪 Playwright: FK Cascade and Team Delegation** ([#5211](https://github.com/IBM/mcp-context-forge/pull/5211)) – Fixed user deletion FK cascade and team selector delegation in Playwright tests. Stabilizes E2E test suite.
90-
- **👥 Users Page Playwright Tests** ([#5300](https://github.com/IBM/mcp-context-forge/pull/5300)) – Added Users page Playwright test coverage.
9174

9275
#### **🛡️ FedRAMP / FIPS Compliance**
9376

@@ -123,6 +106,12 @@ Release 1.0.4 consolidates **52 PRs** focused on **Admin UI rewrite completion**
123106
| [#5275](https://github.com/IBM/mcp-context-forge/pull/5275) | chore: update code owners for certain topics | brian-hussey |
124107
| [#5012](https://github.com/IBM/mcp-context-forge/pull/5012) | chore: skip full CI for secrets baseline commits | lucarlig |
125108
| [#4749](https://github.com/IBM/mcp-context-forge/pull/4749) | chore(logging): migrate f-string log calls to lazy %-style | msureshkumar88 |
109+
|| chore(docker): update UBI image versions | msureshkumar88 |
110+
|| fix(deps): update cryptography and msgpack | cafalchio |
111+
|| chore: addressed dependabot security dependency issues ||
112+
|| chore: refresh Go dependencies ||
113+
|| chore: update Python versions in container images ||
114+
|| chore: code quality gates pass ||
126115

127116
## [1.0.3] - 2026-06-10 - Auth & JWT Cleanup, Admin UI Fixes, FedRAMP/FIPS Hardening, and Bug Fixes
128117

docs/docs/architecture/roadmap.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
| Release | Due Date | Completion | Status | Description |
1010
| ------- | ----------- | ---------- | ------------ | ----------- |
1111
| Future | Coming soon. | N/A | Planning | Future development plans |
12-
| 1.0.4 | 22 Jun 2026 | 100 % | **Closed** | Documentation, Technical Debt, Bugfixes |
12+
| 1.0.4 | 22 Jun 2026 | 100 % | **Closed** | Rust Server Migration, Security Fixes, and Build Hardening |
1313
| 1.0.3 | 10 Jun 2026 | 100 % | **Closed** | Documentation, Technical Debt, Bugfixes |
1414
| 1.0.2 | 26 May 2026 | 100 % | **Closed** | Technical Debt and Quality |
1515
| 1.0.1 | 12 May 2026 | 100%. | **Closed** | Security Hardening, UI Improvements, and Bug Fixes |

0 commit comments

Comments
 (0)