github IBM/mcp-context-forge v1.0.0-RC2
v1.0.0-RC2 - Hardening, Admin UI Polish, Plugin Framework & Quality
on GitHub

19 hours ago

v1.0.0-RC2 - Hardening, Admin UI Polish, Plugin Framework & Quality

Release Candidate 2 focuses on security hardening, Admin UI polish, plugin framework decoupling, and quality improvements with 148 issues resolved.

Major Achievements

Release 1.0.0-RC2 hardens ContextForge for production deployments:

  • Security Hardening - SSRF strict defaults, OIDC id_token verification, OAuth secret at-rest protection, WebSocket/reverse-proxy gating, token scoping default-deny, session ownership enforcement, resource visibility scoping, 40+ security controls tightened
  • Admin UI - 30+ fixes for virtual server editing, team selectors, pagination, search/filter, iframe/proxy support, plugin management, and OAuth forms
  • API & Auth - Token lifecycle fixes, team-scoped permission enforcement, CSRF multi-pod support, metrics consistency, gateway visibility propagation
  • Plugins - Plugin framework decoupled from core, Cedar RBAC plugin, IP-based rate limiting
  • Testing - Comprehensive Playwright automation, MCP protocol e2e via mcp-cli, 100% Locust API coverage, 12 manual test plans completed
  • Features - RBAC role management API, ALLOW_PUBLIC_VISIBILITY flag, unified search/filter, mTLS support, multiarch builds, EntraID group limits

Security Highlights: SSRF protection now defaults to strict mode (block localhost, private networks, fail-closed DNS). WebSocket relay and reverse-proxy transports are disabled by default behind opt-in feature flags. OIDC SSO flows verify id_token signatures cryptographically. The plugin framework is now fully decoupled from gateway internals.

Breaking Changes

SSRF Protection Defaults Inverted to Strict (#3101)

Action Required: Three SSRF defaults have changed from permissive to strict.

Setting Old Default New Default
SSRF_ALLOW_LOCALHOST true false
SSRF_ALLOW_PRIVATE_NETWORKS true false
SSRF_DNS_FAIL_CLOSED false true

Migration: Set SSRF_ALLOWED_NETWORKS=["10.20.0.0/16","192.168.50.0/24"] to allow specific internal ranges, or restore previous behavior with SSRF_ALLOW_LOCALHOST=true, SSRF_ALLOW_PRIVATE_NETWORKS=true, SSRF_DNS_FAIL_CLOSED=false.

WebSocket Relay & Reverse Proxy Disabled by Default (#3101)

Setting Default Endpoint
MCPGATEWAY_WS_RELAY_ENABLED false /ws WebSocket JSON-RPC relay
MCPGATEWAY_REVERSE_PROXY_ENABLED false /reverse-proxy/* endpoints

Migration: Set the corresponding feature flag to true if you use these endpoints.

OIDC ID Token Verification Enforced (#3101)

  • SSO callback now cryptographically verifies id_token signatures using the provider's JWKS endpoint
  • New optional SSO_GENERIC_JWKS_URI setting for explicit JWKS endpoint configuration

Migration: Ensure your OIDC provider issues valid id_token values with correct audience and issuer claims.

Token Scoping Default Deny (#3101)

  • API paths not explicitly mapped in the token scoping permission matrix now default to deny

Migration: Custom API extensions need corresponding permission patterns in token scoping middleware.

Session, Resource, and Roots Authorization Tightened

  • POST /message requires session owner or admin authorization
  • GET /roots and JSON-RPC roots/list require admin.system_config
  • JSON-RPC tool execution requires tools.execute permission
  • Import processing strips untrusted ownership fields

Helm Chart Changes

  • MinIO now defaults to minio.enabled=false
  • PostgreSQL uses strategy.type=Recreate with terminationGracePeriodSeconds=120

See CHANGELOG for the complete list of breaking changes with migration tables.

Added

Features

  • RBAC Role Management API (#3071) - Full CRUD for roles, user-role assignments, and permission checks
  • ALLOW_PUBLIC_VISIBILITY Flag (#3286) - Prevent non-admin users from creating public entities
  • View Public Checkbox for Virtual Servers (#3274) - Toggle public resource visibility
  • Display MCP Gateway ID (#3282) - Gateway ID visible in admin interface
  • Unsaved Changes Warning (#3357) - Forms warn before navigating away
  • Standardized Error Responses (#3485) - Consistent RBAC/permission error responses
  • Server-Scoped Token Enforcement (#2743) - /rpc enforces server_id scoping
  • RPC Token Scope Enforcement (#3422) - Per-method scope enforcement in handle_rpc
  • Multiarch Build Platforms (#3506, #2049) - Configurable via PLATFORMS variable

Security

  • Team Governance Feature Flags (#3473) - Disable team creation, joining, and invitations
  • OIDC Metadata Discovery & JWKS Caching - Automatic provider discovery with 5-minute TTL
  • MCP Transport Token Revocation - JTI revocation and user status checks on Streamable HTTP
  • Transport Feature Flags - Opt-in gating for WebSocket relay and reverse proxy

Plugins

  • IP-Based Rate Limiting (#3349) - Rate limiting for anonymous requests
  • Cedar RBAC Plugin (#1429) - AWS Cedar policy engine integration
  • Plugin Framework Decoupling (#2575) - Plugins no longer depend on gateway internals

Fixed

Admin UI (30+ fixes)

  • Virtual Server edit modal — selected tools shown, cancel works, search preserves selections (#3358, #3259, #3260, #3257)
  • Team selector dropdown loads and is clickable (#3426, #3372)
  • Pagination survives search, works with UI hide sections (#3394, #3244)
  • Iframe/proxy navigation and team scope preservation (#3324, #3321, #3351)
  • Custom headers populated in edit forms (#3439, #3241)
  • Server edit OAuth restoration (#3405), OAuth callback URL hint (#3285)
  • Plugins page filters and search (#3271), tools search across all pages (#2159)

API

  • admin_test_gateway crash on masked auth_value (#3539)
  • authheaders gateway null auth_value (#3480)
  • CSRF multi-pod fix (#3431)
  • Metrics key consistency (#3311, #3237)
  • Gateway visibility propagation (#3475)

Auth

  • Session tokens with team-scoped roles on /rpc and /mcp (#3515)
  • Scoped API tokens on POST /rpc and /mcp (#3409)
  • Public virtual server access without admin.system_config (#3408)
  • CSRF token rotation on re-login (#3395)
  • RFC 8414 well-known URL construction (#3088)

Transport

  • SSE resource reads unpack fix (#3378)
  • SSE loopback for internal RPC calls (#3049)

Database

  • OAuth token column size (#3417)
  • Alembic migration idempotency on SQLite (#3420)
  • MySQL 8 initial migration (#3366)

Testing

Migration Guide

From v1.0.0-RC1 to v1.0.0-RC2

Database migrations run automatically on startup. Backup recommended before upgrading.

1. Review Breaking Changes (Required)

This release tightens security defaults. Read the Breaking Changes section above, especially:

  • SSRF defaults inverted to strict (block localhost/private networks)
  • WebSocket relay and reverse proxy disabled by default
  • Token scoping defaults to deny for unmapped paths

2. Update Docker Compose

# Backup database
docker compose exec postgres pg_dump -U postgres mcp > backup.sql

# Pull new image
docker pull ghcr.io/ibm/mcp-context-forge:1.0.0-RC2

# Start - migrations run automatically
docker compose up -d

3. New Environment Variables

# SSRF strict defaults (all changed)
SSRF_ALLOW_LOCALHOST=false          # was true
SSRF_ALLOW_PRIVATE_NETWORKS=false   # was true
SSRF_DNS_FAIL_CLOSED=true           # was false
SSRF_ALLOWED_NETWORKS=[]            # NEW: explicit CIDR allowlist

# Transport feature flags (NEW)
MCPGATEWAY_WS_RELAY_ENABLED=false
MCPGATEWAY_REVERSE_PROXY_ENABLED=false

# OIDC (NEW)
SSO_GENERIC_JWKS_URI=               # optional explicit JWKS endpoint

Resources

Documentation

Source Code

ContextForge Ecosystem

Container Images

Community

Quick Start

# Pull the latest image (auto-selects architecture)
docker pull ghcr.io/ibm/mcp-context-forge:1.0.0-RC2

# Run with minimal configuration
docker run -d --name mcpgateway \
  -p 4444:4444 \
  -e PLATFORM_ADMIN_EMAIL=admin@example.com \
  -e PLATFORM_ADMIN_PASSWORD=changeme \
  ghcr.io/ibm/mcp-context-forge:1.0.0-RC2

# Access Admin UI
open http://localhost:4444/admin

Full Changelog: v1.0.0-RC1...v1.0.0-RC2

Previous Release: v1.0.0-RC1 - Security Hardening, Enterprise Controls & Quality
Next Planned Release: v1.0.0-GA - General Availability

Check out latest releases or
releases around IBM/mcp-context-forge v1.0.0-RC2

Don't miss a new mcp-context-forge release

NewReleases is sending notifications on new releases.

Get notifications