Download Latest Version v0.8.0 - 2025-10-07 - Advanced OAuth, Plugin Ecosystem _ MCP Registry source code.tar.gz (6.6 MB)
Email in envelope

Get an email when there's a new version of ContextForge MCP Gateway

Home / v0.5.0
Name Modified Size InfoDownloads / Week
Parent folder
MCP Gateway v0.5.0 - 2025-08-06 - Enterprise Operability, Auth, Configuration _ Observability source code.tar.gz 2025-08-05 3.1 MB
0
MCP Gateway v0.5.0 - 2025-08-06 - Enterprise Operability, Auth, Configuration _ Observability source code.zip 2025-08-05 3.3 MB
0
README.md 2025-08-05 8.2 kB
0
Totals: 3 Items   6.4 MB 0

This enterprise-focused release delivers 42 resolved issues with major improvements to authentication, configuration management, error handling, and developer experience. Building on v0.4.0's security foundation, v0.5.0 brings enhanced JWT security, comprehensive UI/UX improvements, and strengthened input validation across all endpoints.

πŸ† Enterprise Operability Achievements

This release enhances production readiness with:

  • Enhanced JWT Security – Mandatory token expiration enforcement when configured
  • Masked Sensitive Data – Authentication credentials properly hidden in API responses
  • Improved Error Handling – User-friendly messages with actionable guidance
  • Better Observability – Enhanced status reporting and service visibility
  • Developer Productivity – File-specific linting and comprehensive Makefile improvements
  • Stronger Validation – XSS prevention and input validation across all endpoints

Important: Admin UI remains development-only with enhanced security defaults. Never expose it in production. Build your own production UI with appropriate security controls. Refer to the Securing MCP Gateway documentation. Beta Software Notice: MCP Gateway is in early beta. Expect breaking changes between minor versions. Use only with trusted upstream MCP servers. This is an OPEN SOURCE PROJECT with community-driven support and no official support from IBM. Please refer to SECURITY.md and our Roadmap for more info.

✨ Highlights

  • πŸ” JWT Token Security – Mandatory expiration when REQUIRE_TOKEN_EXPIRATION=true (#425)
  • 🎭 Masked Auth Values – Sensitive credentials hidden in all API responses (#601, [#602])
  • πŸ§ͺ Enhanced Test Tool – Default values, array/boolean handling, multiline support (#620-#644)
  • πŸ› οΈ Developer Experience – File-specific linting with make lint filename (#410, [#660])
  • πŸ“Š Better Visibility – MCP Server Name column in tools/resources overview (#506, [#624])
  • πŸ” Security Scanning – Snyk, DevSkim, and nodejsscan integration (#590, [#638], [#639])
  • βœ… UI Improvements – Checkbox selection, better error messages, form fixes (#392, [#619])
  • πŸ“ SPDX Compliance – Automated file header verification (#315, [#317], [#656])

🚨 Important Updates

  • UI Enabled by Default – .env.example now sets MCPGATEWAY_UI_ENABLED=true for easier onboarding
  • API Docs Authentication – New DOCS_BASIC_AUTH_ENABLED flag for securing documentation endpoints
  • Enhanced Validation – Stricter rules for gateway URLs, tool names, and input parameters
  • Improved Scripts – Consolidated run-gunicorn.sh with better error handling (#397, [#430])

πŸ†• Added

Security & Authentication

  • JWT Token Expiration (#425) – Mandatory expiration with REQUIRE_TOKEN_EXPIRATION=true
  • Masked Credentials (#601, [#602]) – Auth values hidden in gateway API responses
  • API Docs Auth (#663) – Basic authentication for /docs with DOCS_BASIC_AUTH_ENABLED
  • XSS Prevention (#576) – RPC method validation against injection attacks
  • SPDX Headers (#315, [#317], [#656]) – Automated license compliance checking

Developer Experience

  • File-Specific Linting (#410, [#660]): bash make lint filename.py # Lint single file make lint dirname/ # Lint directory make lint-changed # Lint git changes

  • Enhanced Makefile (#365, [#397], [#507], [#597]):

  • .PHONY declarations for all targets
  • Prevented multiple server startups
  • Better formatting and organization

  • Consolidated scripts and improved readability

  • Test Tool Enhancements:

  • Default value display (#623, [#644])
  • Boolean input fixes (#622)
  • Array input parsing (#620, [#641])
  • Multiline text support (#650)

UI/UX Improvements

  • Checkbox Selection (#392, [#619]) – Multi-select for servers, tools, resources
  • MCP Server Name Column (#506, [#624]) – Better visibility in global views
  • Connection String Export (#154) – One-click client configuration
  • Time Server Integration (#403, [#637]) – Added to docker-compose for testing
  • Error Message Clarity (#357, [#363], [#569], [#629], [#648]) – Actionable validation feedback

Code Quality & Testing

  • Security Scanners:
  • Snyk integration (#638, [#639])
  • DevSkim static analysis (#590, [#592])

  • nodejsscan for JavaScript (#499)

  • Web Linting (#390, [#614]) – CI/CD integration with jshint, jscpd, markuplint

  • Package Linters (#615, [#616]) – check-manifest and pyroma for PyPI compliance

πŸ› Fixed

Critical Gateway Issues

  • Gateway ID null in Create API (#521)
  • Duplicate registration bypass (#603, [#649])
  • Silent update failures in UI (#630)
  • Invalid URL validation (#578)
  • STREAMABLEHTTP transport validation (#662)
  • GitHub MCP Server registration (#584)

Tool & Resource Handling

  • REST tool update failures (#579)
  • Inconsistent tool name lengths (#631, [#651])
  • Long input name reflection (#598)
  • Invalid "STREAMABLE" value (#610)
  • Edit forms not populating (#591, [#633], [#648])

Authentication & Security

  • Missing auth credentials (#471, [#472])
  • Unmasked sensitive data (#601)
  • XSS in RPC methods (#576)

πŸ”„ Changed

Configuration Defaults

  • UI Enabled – .env.example sets MCPGATEWAY_UI_ENABLED=true
  • Enhanced Validation – Stricter rules across all inputs
  • Better Scripts – Single run-gunicorn.sh with improved features

Performance & Reliability

  • Improved connection handling and timeouts
  • Better stateful session management
  • Enhanced resource cleanup

πŸ“¦ Upgrade Instructions

  1. Update your package: bash pip install --upgrade mcp-contextforge-gateway==0.5.0

  2. Review new settings in .env: bash cp .env.example .env # Check new DOCS_BASIC_AUTH_ENABLED setting

  3. Run database migrations (automatic in Docker/Kubernetes): bash make db-upgrade

🌟 Release Contributors

This release demonstrates strong community growth with 14 new contributors joining the project!

πŸ† Top Contributors in 0.5.0

  • Mihai Criveti (@crivetimihai) - Release coordinator, infrastructure, security
  • Madhav Kandukuri (@madhav165) - XSS prevention, validation, security fixes
  • Keval Mahajan (@kevalmahajan) - UI enhancements, test tool improvements
  • Manav Gupta - File-specific linting, Makefile improvements
  • Rakhi Dutta (@rakdutta) - Comprehensive error message improvements
  • Shoumi Mukherjee (@shoummu1) - Array parsing, tool fixes, UI improvements

πŸŽ‰ New Contributors

  • JimmyLiao - STREAMABLEHTTP transport validation
  • Arnav Bhattacharya - File header verification script
  • Guoqiang Ding - Tool parameter conversion, API docs auth
  • Pascal Roessner - MCP Gateway Name in tools overview
  • Kumar Tiger - Duplicate gateway name fix
  • Shamsul Arefin - JavaScript validation, UUID support
  • Emmanuel Ferdman - Prompt service test fixes
  • Tomas Pilar - Gateway response fixes, auth flags
  • ChrisPC-39 - UI enablement, tool search

πŸ’ͺ Returning Contributors

  • Nayana R Gowda - Redundant expressions, formatting
  • Mohan Lakshmaiah - Tool name consistency
  • Abdul Samad - Continued UI polish
  • Satya - Gateway URL validation

πŸ”— Resources

Source: README.md, updated 2025-08-05