This is a patch release to address a rate-limiting issue with our licensing provider.
Security Advisories and Fixes
As part of this patch release, we’re also publishing 3 security advisories. All three were fixed in the v0.23.0 release, so you’re only affected if you’re running v0.22.1 or earlier.
- OAuth Dynamic Client Registration Enables API Token Theft via Audience Confusion (High)
- MCP Registry API readable without authentication (Moderate) (Thanks @hewei-gikaku)
- Server-Side Request Forgery via remote MCP server URL (High)
Full Changelog: v0.23.1...v0.23.2