Skip to content

v0.2.16

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 07 Apr 17:52
· 12 commits to main since this release
v0.2.16
2376065
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🌟 Release Highlights

This release closes a security gap in allowed-tools enforcement and updates the schema validation baseline to gh-aw v0.67.1.

πŸ”’ Security Fix: Server-Side Allowed-Tools Enforcement

Previously, the tools allow-list in your server config was parsed but never enforced at runtime β€” a client with raw HTTP access could bypass it by sending tools/call requests directly for tools that should be restricted.

What changed:

  • tools/call enforcement: Blocked tools are now rejected with a descriptive error (IsError: true) before any backend request is made. A 403 OTEL span status is set and a WARN log is emitted.
  • tools/list defense-in-depth: Non-allowed tools are filtered out during backend registration β€” they never appear in tools/list responses and are never registered with the SDK server.
  • O(1) lookup: Allowed-tool sets are pre-computed at startup (buildAllowedToolSets), adding no per-request overhead.

No config changes required. When tools is absent or empty, all tools remain accessible β€” existing configurations are unaffected.

Example allow-list config:

{
  "mcpServers": {
    "github": {
      "type": "stdio",
      "container": "ghcr.io/github/github-mcp-server:latest",
      "tools": ["search_code", "get_file_contents", "list_issues"]
    }
  }
}

See the Configuration Guide for full server config options.

πŸ”§ Maintenance

  • Updated MCP Gateway JSON schema validation URL to gh-aw v0.67.1 for reproducible, deterministic configuration validation.

🐳 Docker Image

The Docker image for this release is available at:

docker pull ghcr.io/github/gh-aw-mcpg:v0.2.16
# or
docker pull ghcr.io/github/gh-aw-mcpg:latest

Supported platforms: linux/amd64, linux/arm64

For complete details, see the full release notes.

Generated by Release Β· ● 150.6K

What's Changed

  • Gateway: enforce allowed-tools filtering server-side on tools/list and tools/call by @Copilot in #3334
  • Gateway: enforce allowed-tools filtering server-side on tools/list and tools/call by @Copilot in #3333
  • πŸ”„ chore: update schema URL to gh-aw v0.67.1 by @github-actions[bot] in #3318

Full Changelog: v0.2.15...v0.2.16

Assets 8
Loading