Skip to content

v0.22.0

Choose a tag to compare

@sooperset sooperset released this 10 Jul 13:39
b041733

v0.22.0

This release bundles three months of community contributions with a coordinated security hardening pass across the attachment, transport, SSRF-validation, filtering, and OAuth layers.

πŸ”’ Security

A security audit (37 advisories, consolidated into root-cause families) was resolved in this release. Advisories are being published with "fixed in 0.22.0" β€” highlights:

Each fix ships with permanent regression tests. Thanks to everyone who reported β€” including overlapping public reports from @failsafesecurity and @rober15.

✨ Features

Jira

  • Dedicated assign_issue tool (#1152) and search_assignable_users for free-form user lookup (#1358)
  • jira_move_issue for cross-project moves (#1273) and move_issues_to_backlog (#1333)
  • jira_search_projects using the projects picker API (#1247)
  • update_version tool (#1349)
  • get_issue gains an include param for inline enrichments (#1125)
  • Issue type and field discovery tools (#1123)
  • ADF/markdown: panel nodes (#1219), task lists - [ ] β†’ taskList (#1280), [~accountid:UUID] mentions (#1307), display-name mentions (#1228)
  • account_id exposed in simplified user profiles (#1347)

Confluence

  • Inline comment tools with Server/DC v1 payload fix (#1264)
  • confluence_update_page_section for lossless partial page updates (#1141)
  • content_file input for create/update page (#1275)
  • content_base64 input for upload_attachment β€” upload from in-memory content when the server can't read host file paths (#1366)
  • Content and space permission checking tools (#1320)
  • get_page resolves Confluence tiny links and page URLs (#1222)
  • Table layout, page width, page restrictions, and copy-page support (#1178)

Server/Transport

  • Opt-in HTTP hardening: urllib3 retries with Retry-After respect, outbound rate limit, process-wide concurrency cap, circuit breaker, and pagination clamp β€” all disabled by default, tunable via env (#1310)

πŸ› Fixed

Jira

  • update_issue: null values clear fields (#1140); loud failure when assignee can't be resolved (#1380); tolerate default comment fields (#1334)
  • Pagination: get_worklogs returns all entries (#1223); newest comments first when limiting (#1218)
  • 'me' identifier in get_user_profile (#1120); sub-task name match preference (#1331); version field allowed in issue field selection (#1227)
  • Version creation uses correct API per deployment (#1339; #1350)
  • Markdown: full table block parsing (#1379); no intraword-underscore italics (#1361)
  • Embedded media preserved on Cloud description updates (#1224); case-sensitive dev-status applicationType (#1153); simplified get_all_projects output (#1291)

Confluence

  • DC/Server attachment upload completed β€” XSRF header, POST method, versioning fallback (#1253); upload API errors surfaced (#1441)
  • Cloud attachment URLs: /wiki prefix on upload/delete (#1386); v1 REST endpoint for downloads (#1369)
  • Page tree position sort normalization (#1352); v2 API for page children (#1304); history in get_page_content expand (#1117)
  • User mentions: ri:userkey / ri:username handling (#1298); bare-filename img tags become attachment macros (#1176)

Server/Transport & Auth

  • Require a FastMCP version with event-store support (#1351)
  • Per-user OAuthConfig guarded against BYO global config (#1364)
  • Explicit User-Agent on Jira/Confluence sessions (#1326)
  • Auth token redacted in unsupported-Authorization logs (#1160)
  • Jira Server/DC string response handling + xhtml content format (#1231)

Full Changelog: v0.21.1...v0.22.0