🔐 MCP Gateway v0.3.1 - 2025-01-11 Security, XSS protection and Data Validation (Pydantic, UI)

🔐 MCP Gateway v0.3.1 – 2025-01-11

This security-focused release delivers comprehensive input validation, output escaping, and data sanitization to protect against XSS and injection attacks when handling data from untrusted MCP servers. It also includes UI improvements and code quality enhancements.

🔒 Security First: Defense in Depth

This release prioritizes defense in depth with multiple layers of security validation:

• Input Validation Framework – Comprehensive validation for all API endpoints
• Output Escaping – HTML-escaped display of user-controlled content in UI
• Data Sanitization – Protection against XSS injection from untrusted MCP servers
• Secure Defaults – Admin UI and API disabled by default (development-only features)
• Automated Security Pipeline – 24+ security tools including CodeQL, Bandit, Trivy, and OSV-Scanner

Important: The Admin UI is for development only and must never be exposed in production. It's designed for localhost-only access with trusted MCP servers. For production, disable it completely and use only the REST API with proper authentication.
Beta Software Notice: MCP Gateway is in early beta. Expect breaking changes between minor versions. This is an OPEN SOURCE PROJECT with community-driven support and no official support from IBM.

✨ Highlights

• 🛡️ Comprehensive Security Hardening – Input validation for all /admin and main API endpoints with configurable rules (#339, #340)
• 🔒 XSS Protection – Enhanced output handling ensures all user-controlled content is properly HTML-escaped (#336)
• ✅ Zero Lint Status – Resolved all 312 code quality issues across the web stack (#338)
• 🔧 Test Connectivity Tool – New debugging feature to validate gateway connections (#181)
• 💾 Persistent UI State – Filters and view preferences now persist across page refreshes (#177)
• 🎨 Revamped UI Components – Metrics and version tabs rewritten for consistency
• 🧪 UI-Disabled Mode Support – Fixed unit tests to handle configurations with UI disabled (#378)
• 🏷️ Semantic Versioning – Version endpoint now includes proper semantic version, not just git revision (#369)

🚨 Important Limitations

• Not Multi-Tenant Ready – Deploy as single-tenant component; implement user isolation, RBAC, and resource management in your application layer - many of the features to support true multi-tenancy and additional security policies and tools are coming slated for release 0.7.0 - 0.8.0
• Admin UI is Development-Only – Never expose in production; build your own production UI with appropriate security controls
• Beta Software – Validate all MCP servers before connecting; expect breaking changes between releases

🆕 Added

Security Enhancements

• Comprehensive Input Validation Framework (#339, #340):

  • All /admin endpoints validated – tools, resources, prompts, gateways, and servers
  • All non-admin API endpoints validated for consistent data integrity
  • Configurable validation rules with sensible defaults:
    • Character restrictions: names ^[a-zA-Z0-9_\-\s]+$, tool names ^[a-zA-Z][a-zA-Z0-9_]*$
    • URL scheme validation: http://, https://, ws://, wss://
    • JSON nesting depth limits (default: 10 levels)
    • Field-specific length limits (names: 255, descriptions: 4KB, content: 1MB)
    • MIME type validation for resources
  • Clear error messages guide users to correct input formats

• Enhanced Output Handling (#336):

  • All user-controlled content properly HTML-escaped in Admin UI
  • Protected fields: prompt templates, tool names/annotations, resource content, gateway configs
  • Ensures data displays as intended without unexpected behavior

Features

• Test MCP Server Connectivity Tool (#181) – Debug and validate gateway connections from Admin UI
• Persistent Admin UI Filter State (#177) – View preferences persist across refreshes
• Revamped UI Components – Metrics and version tabs rewritten for consistency

Fixes

• Unit Test Compatibility (#378) – Tests now properly handle UI-disabled mode configurations
• Version Endpoint Enhancement (#369) – Now includes semantic version (e.g., "0.3.1") not just git revision

🔄 Changed

• Code Quality Achievement (#338):

  • Resolved all 312 code quality issues
  • Updated 14 JavaScript patterns
  • Corrected 2 HTML structure improvements
  • Standardized naming conventions
  • Removed unused code

• Security Defaults:

  • Admin UI disabled by default: MCPGATEWAY_UI_ENABLED=false
  • Admin API disabled by default: MCPGATEWAY_ADMIN_API_ENABLED=false
  • Update your .env file to explicitly enable these features

• Validation Configuration – New environment variables:

  VALIDATION_MAX_NAME_LENGTH=255
  VALIDATION_MAX_DESCRIPTION_LENGTH=4096
  VALIDATION_MAX_JSON_DEPTH=10
  VALIDATION_ALLOWED_URL_SCHEMES=["http://", "https://", "ws://", "wss://"]

• Performance – Validation overhead kept under 10ms per request

• Security Pipeline – Every PR now passes through 24+ automated security scans including:

  • SAST: CodeQL, Bandit, multiple type checkers
  • Dependency Scanning: OSV-Scanner, Trivy, npm audit
  • Container Security: Hadolint, Dockle, Trivy
  • Code Quality: Multiple linters ensuring maintainability

🔐 Security Notes

Defense in Depth Strategy

MCP Gateway is designed as one component in a comprehensive security strategy:

1. Upstream validation: Verify and trust all MCP servers before connection
2. Gateway validation: Input/output validation and sanitization (this release)
3. Downstream validation: Applications must implement their own security controls
4. Network isolation: Use firewalls and network policies
5. Monitoring: Implement logging and alerting for anomalies

Review Your Configuration

Admin features are now disabled by default for security:

MCPGATEWAY_UI_ENABLED=false        # Keep false in production
MCPGATEWAY_ADMIN_API_ENABLED=false # Keep false in production

Developer Security Tools

Run the same 24+ security scans locally that execute in CI/CD:

make pre-commit  # Run before every commit (includes Bandit)
make lint        # Full security and quality suite
make bandit      # Python security vulnerabilities
make trivy       # Container vulnerability scanning
make osv-scan    # Open source vulnerability database

📦 Upgrade Instructions (pypy)

1. Update your package:

   pip install --upgrade mcp-contextforge-gateway==0.3.1

2. Review security settings in your .env:

   # Copy from .env.example for secure defaults
   cp .env.example .env
   # Then enable only required features

📋 Production Deployment Checklist

When deploying MCP Gateway v0.3.1:

• Disable Admin UI (MCPGATEWAY_UI_ENABLED=false)
• Disable Admin API (MCPGATEWAY_ADMIN_API_ENABLED=false)
• Enable authentication for all endpoints
• Configure TLS/HTTPS with valid certificates
• Validate all MCP servers before connection
• Implement downstream validation in your applications
• Set up monitoring and anomaly detection
• Review validation rules for your use case

See the full Security Policy for complete deployment guidelines.

👥 Contributors

This security-focused release was delivered through excellent teamwork. Some of the items closed in 0.3.1 include:

• Security Implementation – Input validation framework (#339, #340) and output escaping (#336)
• Code Quality – Achieved zero lint status across 312 issues (#338)
• Testing Improvements – UI-disabled mode support (#378)
• Version Enhancement – Semantic versioning in API (#369)
• UI/UX Features – Test connectivity tool (#181) and persistent filter state (#177)

Special thanks to all contributors who helped make MCP Gateway more secure and robust!

---

🔗 Resources

• 📚 Docs: https://ibm.github.io/mcp-context-forge/
• 🐳 Container: ghcr.io/ibm/mcp-context-forge:v0.3.1
• 🐍 PyPI: mcp-contextforge-gateway
• 📈 Full changelog: Compare v0.3.0…v0.3.1

🚀 MCP Gateway v0.3.0 - Annotations, Alembic, Auto-Recovery and Multi-Server Tool Federations, DX

🚀 MCP Gateway v0.3.0 – 2025-07-08

This milestone release delivers powerful multi-server tool federations with rich annotations, enhanced UI management capabilities, and rock-solid stability improvements that make MCP Gateway ready for production workloads.

Note: This release introduces Alembic migrations to make future database schema changes seamless. These happen automatically, but in some cases, when upgrading from 0.1.0 - migration may not be possible and you will need to re-create your database. Ex: rm mcp.db.

✨ Highlights

• 🔗 Multi-Server Tool Federation – seamlessly aggregate tools, resources, and prompts across multiple MCP servers with intelligent namespace handling and UUID-based identity management.
• 🏷️ Rich Annotations & Metadata – enhanced tool and resource annotations with dynamic UI pickers for better discoverability and management.
• 🔄 Auto-Recovery & Resilience – automatic MCP server reactivation when services come back online, plus configurable connection retries with exponential backoff.
• 🎯 Dynamic UI Management – intuitive pickers for tool, resource, and prompt associations with real-time server status indicators.
• 📤 Enhanced Connection Export – one-click connection string generation for popular AI frameworks and clients.
• 🛠️ Developer Experience – comprehensive workstation setup guides, improved error handling, and cleaner database migrations.
• 🐹 Go MCP Server Reference – fast-time-server implementation showcasing best practices for high-performance MCP servers.

🆕 Added

• Namespace Composite Keys & UUIDs for robust tool identity across federated servers.
• Dynamic UI Picker for tool, resource, and prompt associations with live server filtering.
• Auto-activation system that automatically re-enables MCP servers when they recover.
• Configurable connection retries for databases and Redis with intelligent backoff strategies.
• Enhanced connection string export API and UI for seamless client integration.
• Go-based fast-time-server as a high-performance MCP server reference implementation.
• Developer Workstation Setup Guide covering Mac (Intel/ARM), Linux, and Windows environments.
• Improved file lock handling with proper /tmp directory usage for better multi-instance support.

🔄 Changed

• Database schema migration with separate enabled and reachable fields replacing the legacy is_active field.
• Enhanced path parameter handling for REST API virtualization with better substitution logic.
• Streamlined packaging with proper Alembic configuration inclusion in PyPI wheels.
• Modernized Pydantic patterns eliminating deprecation warnings and improving type safety.
• Improved UI responsiveness with better parameter input modal handling and validation.

🐛 Fixed

• Database migration packaging – Alembic configurations now properly included in pip installations.
• Field migration handling – smooth transition from is_active to enabled/reachable fields.
• File lock path creation – proper /tmp directory usage instead of current working directory.
• GitHub Remote Server addition flow now works reliably.
• Parameter input modals – close button functionality restored.
• Gateway reactivation warnings eliminated through proper Pydantic model handling.
• SBOM generation and documentation build targets now function correctly.
• Test suite stability with comprehensive Pydantic pattern updates.

🔐 Security

• Enhanced connection isolation with proper file locking mechanisms.
• Improved error handling that prevents information leakage.
• Database connection security with retry policies that don't expose credentials.

📦 Packaging & Deployment

• PyPI wheel improvements with complete Alembic migration support.
• Container optimization for better multi-instance deployments.
• Development tooling enhancements for contributor onboarding.

👥 New Contributors

We welcome new contributors who joined us in this release – thank you for your valuable contributions!

🙏 Returning Contributors who delivered excellence

• Mihai Criveti – release management, database migration architecture, Go time server implementation, comprehensive testing and stability improvements.
• Keval Mahajan – multi-server federation logic, UI picker implementation, auto-recovery system design.
• Madhav Kandukuri – namespace design, connection export enhancements, developer experience improvements.
• Abdul Samad – UI/UX refinements, parameter modal fixes, visual consistency improvements.
• Manav Gupta – packaging fixes, documentation improvements, build system enhancements.

Outstanding work making MCP Gateway production-ready! 🎉

---

🔮 What's Next in v0.4.0

The next release will focus on Bugfixes, Resilience & Code Quality with:

• Universal retry mechanisms with exponential backoff
• Comprehensive test coverage (90%+ target)
• Advanced security scanning and static analysis
• Performance profiling and optimization
• Enhanced documentation and developer guides

---

🔗 Resources

• 📚 Docs: https://ibm.github.io/mcp-context-forge/
• 🐳 Container: ghcr.io/ibm/mcp-context-forge:v0.3.0
• 🐍 PyPI: [mcp-contextforge-gateway](https://pypi.org/project/mcp-contextforge-gateway/)
• 📈 Full changelog: [Compare v0.2.0…v0.3.0](v0.2.0...v0.3.0)
• 🎯 Roadmap: [View upcoming releases](https://ibm.github.io/mcp-context-forge/architecture/roadmap/)

MCP Gateway v0.2.0 – Streamable HTTP, Infra-as-Code, Dark Mode

🚀 MCP Gateway v0.2.0 – 2025-06-24

This feature-rich release introduces a Streamable HTTP transport, mcpgateway.translate to convert stdio to SSE, infrastructure-as-code assets, and a sleek dark-mode UI, while hardening stability and developer tooling across the board.

✨ Highlights

• 🌊 First-class Streamable HTTP transport – the gateway now speaks MCP’s new default protocol, with stateful-session & auth support. SSE still works, too. Introduced mcpgateway.translate to turn any stdio server into a SSE endpoint.
• 🛠️ Infra-as-Code – drop-in Terraform modules & Ansible roles for cloud installs.
• ⚡ Connection-string exporter – one-click UI / /servers/{id}/connect API for LangChain, Claude Desktop & friends.
• 🌒 Dark-mode Admin UI with a compact version-info panel.
• 🧑‍💻 Developer experience overhaul – 333 green unit tests, tox, pre-commit linters, coverage in CI, Python 3.11+.
• 🏗️ Deployment goodies – Helm charts accept external secrets/Redis, Fly.io guide, Docker-compose switches.
• 🔒 Security & hardening – connection-level time-outs, CVE scans, dependency bumps.

🆕 Added

• Streamable HTTP client/server transport with Basic/Bearer auth & session persistence.
• Connection-string export API/UI.
• Terraform modules & Ansible playbooks for cloud provisioning.
• Fast Go reference MCP server for benchmarking.
• Dark-mode theme, slimmer version-info widget, dev-onboarding checklist.
• tox config, pre-commit (ruff, flake8, yamllint), GH Actions pytest + coverage.
• Helm enhancements: external secrets/Redis, walkthrough; Fly.io deployment guide.

🔄 Changed

• Python ≥ 3.11 (CI on Ubuntu 24.04 / Python 3.12).
• Thorough Helm/Makefile/JWT helper refresh; tighter typing & linting; 333 unit tests now pass.
• Detailed context-merging algorithm notes added to docs.

🐛 Fixed

• SBOM workflow & make images/docs targets.
• GitHub Remote MCP server addition flow.
• REST path-parameter substitution, PATCH handling, 204 responses.
• Numerous flaky tests and mypy/flake8 violations.

🔐 Security

• Dependency bumps, security-policy updates, CVE scans wired into pre-commit & CI.

📦 Packaging & Deployment

• Helm charts accept external secrets & Redis.
• Docker-compose gains local-image switch; Fly.io guide.
• SBOM generation and license verification now reliable.

👥 New Contributors

Contributor	First delivered in 0.2.0
Abdul Samad	Dark-mode UI, compact version-info
Arun Babu Neelicattu	Raised minimum Python to 3.11
Manoj Jahgirdar	Docs home-page polish
Shoumi Mukherjee	Docs clean-ups & quick-start
Thong Bui	REST adapter path-params, PATCH, 204

Welcome aboard — your PRs made 0.2.0 shine! 🎉

🙏 Returning Contributors who went the extra mile

• Mihai Criveti – release mgmt, Helm refactor, full CI revamp, 333 green tests, security & build updates, mcpgateway.translate.
• Keval Mahajan – implemented Streamable HTTP transport, UI transport column, gateway time-outs, test fixes.
• Madhav Kandukuri – ADRs for federation & UX, dark-mode polish, connection-string export spec, stability fixes.
• Manav Gupta – SBOM & license fixes, Makefile targets, Docker/Fly.io docs.

Huge thanks for keeping the momentum going! 🚀

---

🔗 Resources

• 📚 Docs: https://ibm.github.io/mcp-context-forge/
• 🐳 Container: ghcr.io/ibm/mcp-context-forge:v0.2.0
• 🐍 PyPI: mcp-contextforge-gateway
• 📈 Full changelog: Compare v0.1.1…v0.2.0

MCP Gateway v0.1.1 - Wrapper, Helm & Stability Boost

📦 MCP Gateway v0.1.1 – 2025‑06‑15

This is a feature-packed minor release focused on stability, packaging, wrapper enhancements, and documentation polish. It builds upon the initial public release (v0.1.0) by refining the developer experience and broadening deployment capabilities.

✨ Highlights

• 🔁 New stdio-to-SSE wrapper (mcpgateway.wrapper) that allows legacy MCP clients to interact with modern gateways
• 📦 Run as a Python module: python3 -m mcpgateway.wrapper now supported thanks to package restructure
• 🧪 /ready endpoint for Kubernetes readiness probes
• 🧬 /version API and UI tab for runtime inspection
• 🚀 Helm charts, improved Makefile and CI/CD support
• 📚 Major documentation refresh: Quick starts, pip install, Docker, FAQs, debugging tips, ArgoCD

🆕 Added

• New mcpgateway.wrapper with CLI and stdio support to connect to authenticated SSE gateways
• /version endpoint (also available via UI tab and CLI --version)
• /ready endpoint for Kubernetes readiness probes
• New Helm charts and Kubernetes deployment assets
• Improved CLI entry point via mcpgateway script (uses Uvicorn under the hood)
• Python module now supports python3 -m mcpgateway.wrapper for stdio clients
• Documentation updates: quoting advice for zsh, docker quick start, dev container, FAQ, GitHub review process, PyPi setup, ArgoCD
• Makefile targets for ArgoCD
• Initial mcpgateway.translate support to turn stdio -> SSE. More features & protocol translation options coming soon.

🐛 Fixed

• Fixed errors when deleting gateways with active metrics
• Improved gateway addition logic when tools overlap — now adds missing tools without failure
• Resolved basic authentication header bugs for tools and gateways
• Captured detailed exceptions using ExceptionGroup support for better logs
• Corrected static path resolution when installing as a wheel

📦 Packaging & Deployment

• Renamed PyPi package to avoid conflicts (mcp-contextforge-gateway)
• Enhanced Makefile with docker-run-ssl-host and new publishing targets
• Added VS Code Dev Container + GitHub Codespaces support
• Added support for APP_ROOT_PATH when reverse proxying (e.g., behind /gateway)

👥 New Contributors

• @rakdutta, @MohanLaksh, @manavgup, @calculus-ask, @manojjahgirdar, @ryanmarc

---

🔗 Resources

• 📚 Docs: https://ibm.github.io/mcp-context-forge/
• 🐳 Container: ghcr.io/ibm/mcp-context-forge:v0.1.1
• 🐍 PyPI: mcp-contextforge-gateway
• 📈 Full changelog: Compare v0.1.0...v0.1.1

MCP Gateway 0.1.0 – Initial public release

Overview

Initial public release of MCP Gateway - a FastAPI-based gateway and federation layer for the Model Context Protocol (MCP).
This preview delivers a fully-featured core, production-grade deployment assets and an opinionated developer experience.

---

🚪 Core protocol & gateway

• 📡 MCP protocol implementation – initialise, ping, completion, sampling, JSON-RPC fallback
• 🌐 Gateway layer in front of multiple MCP servers with peer discovery & federation

🔄 Adaptation & transport

• 🧩 Virtual-server wrapper & REST-to-MCP adapter with JSON-Schema validation, retry & rate-limit policies
• 🔌 Multi-transport support – HTTP/JSON-RPC, WebSocket, Server-Sent Events and stdio

🖥️ User interface & security

• 📊 Web-based Admin UI (HTMX + Alpine.js + Tailwind) with live metrics
• 🛡️ JWT & HTTP-Basic authentication, AES-encrypted credential storage, per-tool rate limits

📦 Packaging & deployment recipes

• 🐳 Container images on GHCR, self-signed TLS recipe, health-check endpoint
• 🚀 Deployment recipes – Gunicorn config, Docker/Podman/Compose, Kubernetes, Helm, IBM Cloud Code Engine, AWS, Azure, Google Cloud Run

🛠️ Developer & CI tooling

• 📝 Comprehensive Makefile (80 + targets), linting, > 400 tests, CI pipelines & badges
• ⚙️ Dev & CI helpers – hot-reload dev server, Ruff/Black/Mypy/Bandit, Trivy image scan, SBOM generation, SonarQube helpers

🗄️ Persistence & performance

• 🐘 SQLAlchemy ORM with pluggable back-ends (SQLite default; PostgreSQL, MySQL, etc.)
• 🚦 Fine-tuned connection pooling (DB_POOL_SIZE, DB_MAX_OVERFLOW, DB_POOL_RECYCLE) for high-concurrency deployments

📈 Observability & metrics

• 📜 Structured JSON logs and /metrics endpoint with per-tool / per-gateway counters

📚 Documentation

• 🔗 MkDocs site – https://ibm.github.io/mcp-context-forge/

---

Installation (container quick-start)

docker run -d --name mcpgateway \
  -p 4444:4444 \
  -e HOST=0.0.0.0 \
  -e JWT_SECRET_KEY=my-test-key \
  -e BASIC_AUTH_USER=admin \
  -e BASIC_AUTH_PASSWORD=changeme \
  -e AUTH_REQUIRED=true \
  -e DATABASE_URL=sqlite:///./mcp.db \
  ghcr.io/ibm/mcp-context-forge:v0.1.0

Full Changelog: https://github.com/IBM/mcp-context-forge/commits/v0.1.0