You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(mcp): validate Host/Origin headers on MCP HTTP transports #643 (@vishal-bala)
fix(router): remove persisted route_config key on SemanticRouter.delete() #635 (@vishal-bala)
🧪 Tests
tests: eliminate NLTK stopwords download race under pytest-xdist #644 (@vishal-bala)
test: harden Redis-backed test isolation under pytest-xdist (#546) #636 (@vishal-bala)
CI/CD Changes
ci: pin RediSearch WORKERS to 0 to fix flaky redis:latest tests #641 (@vishal-bala)
Use PyPI Trusted Publishing for publishing releases #640 (@limjoobin)
Additional Notes
MCP Host/Origin validation now defaults ON (#643, security). sse/streamable-http servers reject requests with a non-allowlisted Host or cross-site Origin. Loopback is unaffected; reverse-proxy / non-loopback deployments must set transport_security.allowed_hosts (and allowed_origins for browsers). stdio is never affected.
nltk removed (#645). The redisvl[nltk] extra no longer exists; stopwords (33 languages) now ship in-package. stopwords="english" is unchanged aside from no longer downloading at runtime. Remove [nltk] from your install extras.
Multi-index MCP is backward compatible (#646). Existing single-index configs and callers are unchanged; multi-index is additive.