Release 1.24.6 - Update Checker and Dependency Maintenance
June 2026
Upgrading from 1.24.5
This section covers everything you need to know to upgrade from 1.24.5 to 1.24.6.
Upgrading from 1.24.4 or earlier? These notes are incremental from 1.24.5. Read the 1.24.5 release notes first and apply its breaking changes, new environment variables, and upgrade steps (including the Helm
helm dependency build/helm dependency updaterequirement and its new env vars) before following the instructions below.
Breaking Changes
There are no breaking changes in this release. The new update-check feature is opt-out (enabled by default but fail-silent and skipped on dev/local builds), and the auth-server change is observability-only.
New Environment Variables
| Variable | Default | Description |
|---|---|---|
UPDATE_CHECK_ENABLED
| true
| Enable the background poll of the GitHub Releases API that surfaces a newer registry version in an admin-only banner. Fail-silent and air-gap safe. Set false for air-gapped clusters or to silence the banner.
|
UPDATE_CHECK_INTERVAL_HOURS
| 24
| Polling interval in hours for the update-check background task (minimum 1). |
Both are wired across all three deployment surfaces (Docker .env, Terraform/ECS update_check_enabled / update_check_interval_hours, and Helm registry.app.updateCheck.enabled / .intervalHours). See docs/unified-parameter-reference.md Group 13c.
Upgrade Instructions
Docker Compose
cd mcp-gateway-registry
git pull origin main
git checkout 1.24.6
# Review new env vars in .env.example and update your .env if needed
# Then rebuild and restart:
./build_and_run.shKubernetes / Helm (EKS)
Chart values and tests changed in this release (the update-check toggle was added to the registry chart). The packaged subchart .tgz files inside charts/mcp-gateway-registry-stack/charts/ are gitignored and only repackage when you rebuild dependencies, so rebuild before upgrading.
cd mcp-gateway-registry
git pull origin main
git checkout 1.24.6
# REQUIRED: rebuild packaged subcharts so the stack chart picks up the changes
cd charts/mcp-gateway-registry-stack
helm dependency build
helm dependency update
# Update values.yaml if needed (e.g. registry.app.updateCheck), then upgrade:
helm upgrade mcp-gateway . -f your-values.yamlTerraform / ECS
cd mcp-gateway-registry
git pull origin main
git checkout 1.24.6
# Optionally set update_check_enabled / update_check_interval_hours in your .tfvars
cd terraform/aws-ecs
terraform plan
terraform applyDockerHub Images
Pre-built images are available:
docker pull mcpgateway/registry:1.24.6
docker pull mcpgateway/auth-server:1.24.6
docker pull mcpgateway/currenttime-server:1.24.6
docker pull mcpgateway/realserverfaketools-server:1.24.6
docker pull mcpgateway/mcpgw-server:1.24.6
docker pull mcpgateway/fininfo-server:1.24.6
docker pull mcpgateway/metrics-service:1.24.6Major Features
Registry Version Upgrade Nudge (Admin "Newer Release Available" Banner)
The registry now tells admins when a newer release is available, so deployments no longer drift silently behind upstream. A background task polls the GitHub Releases API on startup and on a fixed interval, compares the latest release tag against the running version, and caches the result; an admin-only endpoint (GET /api/system/update-check) reads that cached state with no I/O, and a dismissible banner in the UI surfaces the nudge with a link to the release notes.
Key properties:
- Fail-silent and air-gap safe: any network or parse error is logged and never affects registry operation.
- Dev/local builds never nudge: a plain
docker compose up(noBUILD_VERSION) is skipped outright, andbuild_and_run.shbuilds (non-semver git-describe version) are skipped by the version parser. - Admin-only: the running version and release tag are admin-only operational metadata; non-admins get 403. The endpoint accepts both a browser session cookie and a Bearer JWT.
- Opt-out via
UPDATE_CHECK_ENABLED=false, wired across Docker, Terraform/ECS, and Helm.
LiteLLM Upgrade
The registry's pinned LiteLLM dependency was advanced from the long-held 1.83.14 to >=1.88.0 (and the uv locks refreshed accordingly), picking up upstream provider/model support and fixes across the LLM-routing layer used by search, scanning, and agent features. The minimum-version bump keeps the registry current with LiteLLM's fast-moving release cadence while the exclude-newer quarantine (see below) keeps the resolved versions inside the vetting window.
What's New
Authentication
- Auth server now emits a loud
WARNING(instead of a silentINFO) when it starts against an empty scopes collection, with actionable remediation text pointing atrun-documentdb-init.sh/load-scopes.py. An empty collection silently leaves every user read-only; this makes a skipped post-deployment seeding step easy to diagnose. No change to seeding or access-control behavior. (#1251)
Supply Chain / Dependencies
- Restored the
exclude-newersupply-chain quarantine in alluv.lockfiles (7-day vetting window) and wired theuv sync --lockedDockerfiles to re-export the pinned cutoff so builds resolve under the same constraint that produced the lock. (#1250)
Infrastructure
- Dependabot: bumped the npm_and_yarn group across 2 directories with 3 updates (#1244) and the GitHub Actions group in
.github/workflowswith 4 updates (#1243).
Bug Fixes
- Auth server no longer starts silently with 0 scopes: an empty scopes collection now triggers a
WARNINGwith remediation guidance. (#1251)
Closed Issues
| Issue | Title | Closed By |
|---|---|---|
| #1248 | Auth server starts silently with 0 scopes on an empty collection — emit a loud WARNING | PR #1251 |
| #1229 | Surface canonical server.json via registry MCP tools and make it the default for the UI Copy JSON button | manual |
Pull Requests Included
| PR | Title |
|---|---|
| #1251 | fix(auth): warn loudly when scopes collection is empty (#1248) |
| #1250 | build(deps): restore exclude-newer supply-chain quarantine + wire --locked Docker builds |
| #1247 | Update checker |
| #1246 | Update litellm minimum version and update uv locks |
| #1244 | build(deps): bump the npm_and_yarn group across 2 directories with 3 updates |
| #1243 | build(deps): bump the actions group in /.github/workflows with 4 updates |
Security Dependency Updates
| Package | Previous | Updated | Scope |
|---|---|---|---|
| litellm | 1.83.14 | >=1.88.0 | pyproject.toml (registry)
|
| npm_and_yarn group | - | 3 updates | cli/, frontend
|
| GitHub Actions group | - | 4 updates | .github/workflows/
|
Contributors
Thank you to all contributors for this release:
Plus automated dependency updates from Dependabot.
Support
Full Changelog: 1.24.5...1.24.6
What's Changed
- chore: update image tags to 1.24.5 by @github-actions[bot] in #1240
- build(deps): bump the actions group in /.github/workflows with 4 updates by @dependabot[bot] in #1243
- Update litellm minimum version and update uv locks by @omrishiv in #1246
- build(deps): bump the npm_and_yarn group across 2 directories with 3 updates by @dependabot[bot] in #1244
- Update checker by @omrishiv in #1247
- build(deps): restore exclude-newer supply-chain quarantine + wire --locked Docker builds by @aarora79 in #1250
- fix(auth): warn loudly when scopes collection is empty (#1248) by @aarora79 in #1251
Full Changelog: 1.24.5...1.24.6