You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+11-22Lines changed: 11 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,14 +8,13 @@
8
8
9
9
- Rust MCP runtime sidecar, Rust A2A runtime sidecar, and ValidationMiddleware are deprecated as of 2026-06-11 and will sunset on 2026-07-07. Use the Python MCP transport path, the Python A2A invocation path, and endpoint-level Pydantic or protocol-specific validation instead. See [Deprecations](docs/docs/deprecations.md).
10
10
11
-
## [1.0.4] - 2026-06-22 - Admin UI Rewrite Completion, Rust Server Migration, Security Fixes, and Build Hardening
11
+
## [1.0.4] - 2026-06-22 - Rust Server Migration, Security Fixes, and Build Hardening
12
12
13
13
### Overview
14
14
15
-
Release 1.0.4 consolidates **52 PRs** focused on **Admin UI rewrite completion**, **Rust server migration**, **security and auth correctness**, **multi-architecture build hardening**, and **database reliability**. This release brings the rewritten React-based Admin UI to feature parity for tool, user, and virtual server lifecycle management, migrates test servers to Rust, and resolves a broad set of auth, CSRF, login, and container build issues:
15
+
Release 1.0.4 consolidates **35+ PRs** focused on **Rust server migration**, **security and auth correctness**, **multi-architecture build hardening**, and **database reliability**. This release migrates test servers to Rust and resolves a broad set of auth, CSRF, login, and container build issues:
16
16
17
-
-**🖥️ Admin UI Rewrite** - User CRUD (create/edit/delete), Tool details panel with schema viewer, edit, and delete actions, virtual server create/edit/delete flows, REST tool creation form, OAuth post-login tool activation, team visibility tracking, and Users page Playwright test coverage.
18
-
-**🔐 Security & Auth** - Keycloak SSO role merging from `access_token`, `client_secret_basic` support for SSO token exchange, CSRF exempt-path fixes, login redirect loop fix, OAuth `auth_type` propagation fix for tool creation, and session-affinity auth context forwarding across workers.
17
+
-**🔐 Security & Auth** - Keycloak SSO role merging from `access_token`, `client_secret_basic` support for SSO token exchange, CSRF exempt-path fixes, login redirect loop fix, and OAuth `auth_type` propagation fix for tool creation.
19
18
-**🦀 Rust Servers** - Slow-time MCP test server migrated to Rust (breaking binary path change), Rust benchmark server added replacing Go, Rust A2A echo agent added for integration testing.
20
19
-**🛡️ FedRAMP / Build** - s390x `rustup` fix, hermetic wheel closure for s390x/ppc64le multiplatform builds, `Containerfile.lite` venv fix, PyPI UI bundle fix, PyO3 and Rust CI dependency updates.
21
20
-**🗄️ Database & Performance** - DB connection pool multiplication resolved, lazy log formatting migration across services, tag length made configurable via env vars.
-**👤 User Delete** ([#5149](https://github.com/IBM/mcp-context-forge/pull/5149)) – User delete flow in the rewritten Admin UI. Completes user lifecycle management.
30
-
-**✏️ User Edit** ([#5184](https://github.com/IBM/mcp-context-forge/pull/5184)) – User edit form in the rewritten Admin UI. Enables inline user profile updates.
31
-
-**🔧 REST Tool Creation Form** ([#5137](https://github.com/IBM/mcp-context-forge/pull/5137)) – REST tool creation form in the rewritten UI. Replaces legacy modal with a structured form.
32
-
-**🔍 Tools Details View** ([#5194](https://github.com/IBM/mcp-context-forge/pull/5194)) – Tool details side panel with full metadata display. Enables tool inspection without leaving the list.
33
-
-**🗂️ Input/Output Schema Dialog** ([#5234](https://github.com/IBM/mcp-context-forge/pull/5234)) – Schema dialog with syntax highlighting for tool input/output schemas. Improves developer ergonomics.
34
-
-**🗑️ Delete Tool from Details Panel** ([#5231](https://github.com/IBM/mcp-context-forge/pull/5231)) – Delete tool action directly from the Tools details panel. Reduces navigation steps.
35
-
-**✏️ Edit Tools in Details Panel** ([#5283](https://github.com/IBM/mcp-context-forge/pull/5283)) – Edit tool functionality within the ToolDetailPanel. Unifies view and edit into a single panel.
36
-
-**🗑️ Virtual Server Delete Flow** ([#5236](https://github.com/IBM/mcp-context-forge/pull/5236)) – Delete flow for virtual servers in the rewritten UI. Completes virtual server lifecycle management.
37
-
-**✏️ Edit Virtual Servers** ([#5263](https://github.com/IBM/mcp-context-forge/pull/5263)) – Edit virtual server form in the rewritten UI. Enables in-place server reconfiguration.
38
-
-**📋 Virtual Server Source Panels** ([#5122](https://github.com/IBM/mcp-context-forge/pull/5122)) – Updated virtual server source panels. Improves source visibility in the UI.
39
-
-**🔑 OAuth Post-Login Tool Activation** ([#5076](https://github.com/IBM/mcp-context-forge/pull/5076)) – Fetch tools and activate MCP server after OAuth completion. Fixes blank tool list after OAuth login.
40
-
41
26
#### **🔐 Security & Auth**
42
27
43
28
-**🔑 client_secret_basic SSO Token Exchange** ([#5132](https://github.com/IBM/mcp-context-forge/pull/5132)) – `client_secret_basic` HTTP Basic Auth support for SSO token exchange. Broadens compatibility with OAuth 2.0 compliant identity providers.
-**🔒 Docker-Scan Scoped to Merge Queue** ([#5209](https://github.com/IBM/mcp-context-forge/pull/5209)) – Docker vulnerability scan scoped to PR lint + merge-queue gate. Avoids redundant scans on every push.
73
58
-**⬛ Hadolint via Docker Image** ([#5259](https://github.com/IBM/mcp-context-forge/pull/5259)) – Hadolint run via Docker image to satisfy org Actions allowlist. Removes dependency on non-allowlisted GitHub Action.
74
59
-**⏩ Skip CI for Secrets Baseline Commits** ([#5012](https://github.com/IBM/mcp-context-forge/pull/5012)) – Full CI skipped for `detect-secrets` baseline-only commits. Reduces unnecessary CI load.
60
+
-**📌 Pin buildx Version** – Pinned `setup-buildx-action` to a fixed version to avoid Docker Hub rate-limit failures. Prevents intermittent CI build failures from upstream rate limiting.
-**🔒 CSRF Exempt Paths** ([#5157](https://github.com/IBM/mcp-context-forge/pull/5157)) – Added missing API paths to `csrf_exempt_paths`; fixed env drift between config and middleware. Prevents spurious CSRF rejections on valid API calls.
-**🔧 OAuth auth_type Ignored in Tool Creation** ([#5180](https://github.com/IBM/mcp-context-forge/pull/5180)) – OAuth `auth_type` offered in Add Tool form was silently ignored by `POST /tools` and `POST /admin/tools`. Fix propagates auth type through tool creation pipeline.
84
-
-**🔑 Session-Affinity Auth Context** ([#5212](https://github.com/IBM/mcp-context-forge/pull/5212)) – Carry edge-validated auth context across cross-worker forwards. Prevents auth context loss during session migration between workers.
85
70
86
-
#### **🖥️ Admin UI**
71
+
#### **🧪 Tests**
87
72
88
-
-**👥 Team Visibility on Form Submit** ([#5250](https://github.com/IBM/mcp-context-forge/pull/5250)) – Team visibility now always tracks current sidebar team on form submit. Prevents visibility mismatch when switching teams before submitting.
89
73
-**🧪 Playwright: FK Cascade and Team Delegation** ([#5211](https://github.com/IBM/mcp-context-forge/pull/5211)) – Fixed user deletion FK cascade and team selector delegation in Playwright tests. Stabilizes E2E test suite.
0 commit comments