You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: security hardening and health check for v2.0.1
- Add GET /health endpoint (no auth) for Docker/K8s probes
- Fix audit bypass: notification-style requests now always logged
- Fix CORS default: disabled by default, warn on startup if unset
- Fix /health method restriction: GET/HEAD only, 405 otherwise
- Fix Docker HEALTHCHECK: /sse (401 with auth) -> /health
- Update docs to prefer MCP_AUTH_TOKENS=name:token,... format
- Update K8s probes in docs to use /health
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: CHANGELOG.md
+15Lines changed: 15 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
8
8
## [Unreleased]
9
9
10
+
## [2.0.1] - 2026-06-01 - Security & Health Check Fixes
11
+
12
+
### Added
13
+
-`GET /health` — unauthenticated liveness probe endpoint; returns `200 ok`. Used by Docker `HEALTHCHECK`, Kubernetes liveness/readiness probes, and uptime monitors. Does not expose any server state.
14
+
15
+
### Fixed
16
+
-**Audit log bypass** — notification-style JSON-RPC requests (no `id` field) were silently skipped by the audit middleware. A client could send `tools/call` without an `id` and the tool would execute without being logged. All requests are now audited regardless of notification status; notification entries get `status: "notification"`.
17
+
-**Docker `HEALTHCHECK`** — was calling unauthenticated `GET /sse`, which returns `401` when `MCP_AUTH_TOKENS` is configured. Now calls `GET /health`.
18
+
-**CORS wildcard default** — `CORS_ALLOWED_ORIGIN` now defaults to `""` (disabled) instead of `"*"`. Operators must explicitly set the origin. A startup INFO log explains the setting and suggests `https://claude.ai` for browser-based access. Claude Desktop and CLI tools (mcp-remote) are unaffected — they do not enforce browser CORS policy.
19
+
-**`/health` method restriction** — previously accepted any HTTP method and returned `200`. Now only `GET` and `HEAD` are accepted; other methods return `405 Method Not Allowed`.
20
+
21
+
### Changed
22
+
- All documentation updated to prefer `MCP_AUTH_TOKENS=name:token,...` over the legacy `MCP_AUTH_TOKEN` single-token variable in shared server examples.
23
+
- Kubernetes liveness/readiness probes in docs updated to use `/health` instead of `/sse` or `/messages`.
logger.Info("CORS not configured — fine for Claude Desktop and CLI tools; set CORS_ALLOWED_ORIGIN=https://claude.ai if connecting via a web browser", nil)
0 commit comments