First tagged rust-junosmcp release since v0.6.3. Tool surface 15 → 17.
Added
commit_check_config(#95) — non-destructivecommit check: loads a candidate, returns{success, diff, error?}, then discards it. Never activates config. Own token scope (least-privilege). 15 → 16.discard_candidate(#107) — discard uncommitted candidate changes (rollback 0) to recover a candidate left dirty ("configuration database modified"). Never changes the running config. Own token scope. 16 → 17.junos_config_diff(#108) — when the on-box config won't parse for the current mode (e.g. after a chassis-cluster change), the raw parse error now carries an actionable hint instead of leaving the caller blind.
Security
rmcp0.8.5 → 2.0.0, closing RUSTSEC-2026-0189 (DNS rebinding in the Streamable HTTP transport). The transport now enforces aHostallowlist (default: loopback only). New flags--allowed-host <HOST>(repeatable) and--disable-host-check. Off-loopback deployments MUST pass--allowed-hostfor their LAN authority or clients receive HTTP 403.quick-xml0.36 → 0.41 (+rustez0.12.1 /rustnetconf0.12.3), closing RUSTSEC-2026-0194 / RUSTSEC-2026-0195 (quick-xml DoS). JTAC-bundle redaction now suppresses quick-xml 0.41GeneralRefentity events inside redacted elements — a bare version bump would have leaked entity fragments of secrets.
Full changelog: https://github.com/fastrevmd-lab/RustJunosMCP/blob/main/CHANGELOG.md
Diff: v0.6.3...v0.7.0