Skip to content

v0.21.0

Pre-release
Pre-release

Choose a tag to compare

View all tags
@docker-read-write docker-read-write released this 29 Sep 18:20
· 471 commits to main since this release
v0.21.0
0c107cb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release Notes - v0.21.0

Release Date: September 26, 2025

πŸš€ New Features

OAuth 2.0 Dynamic Client Registration (DCR)

  • Added support for OAuth 2.0 Dynamic Client Registration (RFC 7591) for MCP servers
  • Implemented automatic OAuth 2.0 Authorization Server Discovery (RFC 8414) and Protected Resource Metadata (RFC 9728)
  • Added new mcp-oauth-dcr feature flag to enable/disable DCR functionality
  • Automatic OAuth server discovery from MCP server 401 responses
  • Public client registration using PKCE for enhanced security
  • Secure token storage via docker-credential-desktop
  • Automatic token refresh handling with client pool invalidation
  • Complete WWW-Authenticate header parsing (RFC 6750) with fallback to well-known endpoints
  • Full compliance with OAuth 2.0/2.1 and MCP Authorization specifications

Self-Contained Image Support

  • Gateway now supports hosting self-contained MCP server images without requiring a catalog (#151)
  • Changed self-contained image prefix from docker.io/ to docker:// for clearer semantics
  • Enables running MCP servers directly from Docker images

Client Support

  • Added support for Claude Code and Opencode AI clients (#156)
  • Added Zed editor client configuration (#143)
  • JSON parsing with comment support using tailscale/hujson for Zed's settings.json

πŸ”§ Improvements

  • Added metrics middleware to dynamic tools for better observability
  • Default verify-signatures setting now disabled when running in a container (#152)
  • Provide ResourceURL when registering DCR for improved OAuth flow (#153)
  • Made ls/list commands consistent across the CLI (#141, #144)

πŸ—οΈ Code Structure Changes

  • Moved internal package to pkg for better public API exposure
  • Moved integration tests to improve project organization

πŸ“š Documentation

  • Added documentation for importing OSS MCP registry
  • Updated documentation for new mcp-oauth-dcr feature flag
  • Various documentation improvements and typo fixes

πŸ› Bug Fixes

  • Fixed WWW-Authenticate header handling when header is missing or invalid
  • Added fallback to use well-known OAuth endpoint discovery
  • Resolved Accept header conflict issues in remote MCP connections
  • Various code simplifications and cleanup
Assets 8
Loading