Skip to content

Release v0.6.26

Choose a tag to compare

View all tags
@github-actions github-actions released this 06 Jun 08:19
· 136 commits to main since this release
v0.6.26
b627609

🎉 Release v0.6.26

📦 Docker Images

# Docker Hub
docker pull agigante80/actual-mcp-server:0.6.26

# GitHub Container Registry
docker pull ghcr.io/agigante80/actual-mcp-server:0.6.26

📝 Changelog

  • docs(skill): add Phase 8 'confirm CI green after push' to implement-ticket (b627609)
  • ci(fix): disable actionlint shellcheck integration to make the lint job deterministic (#180) (896122e)
  • chore(release): bump version to 0.6.26 (a50d347)
  • chore(deps-dev): bump @playwright/test to 1.60.0 and @types/node to 25.9.2 (#155) (fb6ac15)
  • ci(security): scope actionlint lint job to contents:read (#170) (b344839)
  • ci: enforce GitHub Actions workflow linting with actionlint (#170) (626722e)
  • chore(release): bump version to 0.6.25 (#162) (666fbd2)
  • feat(security): read-only shape gate for actual_query_run (#162) (5a90665)
  • chore(release): bump version to 0.6.24 (#163) (33d6423)
  • fix(security): verify req.auth.subject in OIDC mode, not just AUTH_PROVIDER (#163) (87fd5fe)
  • chore(release): bump version to 0.6.23 (#160) (d953d33)
  • fix(security): enforce JWT audience claim in OIDC verification (#160) (0a67a89)
  • chore(release): bump version to 0.6.22 (#164) (69e10ac)
  • fix(pool): shut sessions down sequentially with a singleton guard (#164) (14f6836)
  • chore(release): bump version to 0.6.21 (#165) (898f93b)
  • fix(adapter): non-idempotent delete/close/merge ops use retries:0 (#165) (238dae5)
  • docs(compose): note ALLOW_INSECURE_UPSTREAM migration for #161 (40e225b)
  • chore(release): bump version to 0.6.20 (#161) (d0843b5)
  • feat(security): refuse http upstream when an E2E encryption password is set (#161) (5b603f4)
  • chore(release): bump version to 0.6.19 (#168) (cdaa25b)
  • feat(security): explicit body-size limit on express.json via MCP_HTTP_BODY_LIMIT (#168) (7b17e6e)
  • test(integration): make #178 e2e fully self-contained (create + seed + delete its own transaction) (0a7552a)
  • chore(release): bump version to 0.6.18 (#169) (449495b)
  • fix(config): require both HTTPS cert and key when MCP_ENABLE_HTTPS=true (#169) (aae3025)
  • test(integration): make #178 imported_payee e2e self-sufficient (query a txn instead of context ordering) (b3a9d78)
  • chore(release): bump version to 0.6.17 (#171) (21bcac4)
  • refactor(pool): add connectionPool.has(), remove 'as any' cast in session_close (#171) (5989eef)
  • test(integration): add positive + negative coverage for #178 WHERE operators (52bc2b8)
  • chore(tooling): add implement-ticket skill and command (44c700f)
  • chore(release): bump version to 0.6.16 (3ec34b9)
  • feat(query): support LIKE/NOT LIKE/IS NULL in actual_query_run, reject unsupported WHERE operators (#178) (c3ea59a)

🔒 Security

This release has been scanned for vulnerabilities. Check the Security tab for details.

Full Changelog: v0.6.16...v0.6.26

Assets 2
Loading