Skip to content

v0.2.30

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 22 Apr 00:34
· 15 commits to main since this release
v0.2.30
8f964e0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release strengthens MCP Gateway's reliability and security posture with hardened pagination safety, cleaner DIFC enforcement architecture, and more explicit guard label rules for sensitive GitHub operations.

🔒 Security & DIFC Improvements

  • Explicit DIFC label rules for high-impact operations (#4300): Notification writes and repository create/fork operations now have explicit label rules in the Rust guard, eliminating ambiguity around inherited caller-provided DIFC labels via fallback behavior. This ensures high-sensitivity mutating operations are consistently and predictably labeled.

🛡️ Reliability Improvements

  • Hardened MCP pagination against cursor cycles (#4302): The MCP pagination engine now fails fast when a backend repeats a cursor, preventing infinite loops caused by misbehaving upstream servers. Go-SDK registration canaries were also added to catch upgrade-sensitive tool registration behavior early.

🧹 Code Quality

  • Refactored DIFC pipeline and logger level wrappers (#4301): Duplicated DIFC enforcement logic shared between unified MCP tool calls and proxy REST handling has been extracted into shared helpers, reducing maintenance burden and the risk of behavioral divergence between code paths.

🔧 Internal

  • Workflow toolchain upgrade to gh-aw v0.69.2 (#4297): All 31 agentic workflows recompiled against the latest gh-aw compiler release.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.30
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release · ● 180.3K

What's Changed

  • chore: upgrade and recompile all workflows to gh-aw v0.69.2 by @lpcox in #4297
  • Harden MCP pagination against cursor cycles and add go-sdk registration canaries by @Copilot in #4302
  • Refactor duplicated DIFC pipeline decisions and logger level wrappers by @Copilot in #4301
  • Guard DIFC: add explicit label rules for notification writes and repository create/fork operations by @Copilot in #4300

Full Changelog: v0.2.29...v0.2.30

Contributors

lpcox
Assets 8
Loading