Skip to content

v0.2.22

Choose a tag to compare

@github-actions github-actions released this 16 Apr 21:24
· 162 commits to main since this release
68ce183

🌟 Release Highlights

This release focuses on reliability improvements for non-root container deployments and GHES compatibility, along with a documentation accuracy fix for the server tools allowlist feature.

πŸ› Bug Fixes & Improvements

  • Non-root container support β€” MCP Gateway can now run as a non-privileged user (e.g., via --user $(id -u):$(id -g) in Docker). Previously, a failure to write /etc/hosts would abort startup; it is now treated as a non-fatal warning, enabling secure, rootless container deployments. (#3985)

  • GHES GraphQL routing fixed β€” GraphQL requests routed through the DIFC proxy to GitHub Enterprise Server instances with an /api/v3 base path were being forwarded to an invalid endpoint. Requests such as /api/graphql from the gh CLI are now correctly rewritten to <host>/api/graphql, ensuring end-to-end query preservation for GHES users. (#3970)

πŸ“š Documentation

  • tools field docs corrected β€” The Configuration Reference previously stated that the server tools field was unenforced. This has been corrected to reflect the actual runtime behavior: tools are filtered from tools/list responses and tools/call requests are denied for any tool not in the allowlist. (#3965)

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.22
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64


For complete details, see the full release notes.

Generated by Release Β· ● 147.8K


What's Changed

  • Correct tools field documentation to match runtime allowlist enforcement by @Copilot in #3965
  • Refactor MCP connection response logging and timeout default handling to remove duplication by @Copilot in #3966
  • [rust-guard] Deduplicate granular repo-write tool labeling and avoid repeated path scans in file secrecy checks by @Copilot in #3967
  • Refactor URL derivation and helper ownership across envutil/config/mcp by @Copilot in #3968
  • Fix GHES GraphQL path handling and end-to-end query preservation in DIFC proxy when upstream is /api/v3 by @Copilot in #3970
  • Make /etc/hosts write non-fatal for non-root container execution by @lpcox in #3985

Full Changelog: v0.2.21...v0.2.22