github googleapis/mcp-toolbox v1.5.0
on GitHub

5 hours ago

1.5.0 (2026-06-18)

Features

  • auth/google: Require audience or clientId for mcpEnabled (#3450) (59f7b6e)
  • Enable per source level flags for sql commenter (#3465) (ecce6b7)
  • mcp: Add URL parameter binding for HTTP transport (#3112) (0cc7b37)
  • scylladb: Adding support for ScyllaDB source and tool (#3119) (2dada83)
  • server: Add support for toolset filtering in prebuilt CLI flag (#3245) (7cc4f65)
  • skills: Generate skills offline without live source connections (#3388) (4c860b6)
  • skills: Tolerate missing env vars during offline skills-generate (#3399) (ea5d3e5)
  • source/cloud-storage: Restrict bucket and local path access (#3454) (2c3ca5d)
  • tools/bigquery: Add per tool query label in BigQuery jobs (#1975) (3f6a49f)
  • tools/dataplex: Add tools to support metadata enrichment workflow (#3270) (05289aa)
  • tools/mysql: Add show-query-stats and list-all-locks tools for MySQL and Cloud SQL MySQL source (#2954) (a9693bd)
  • tools: Decouple tool initialization from sources (#3355) (32a24e3)

Bug Fixes

  • auth/dataplex: Fix failing source with service account credentials (#3369) (ba4deef)
  • bigquery: Wire maximumBytesBilled into prebuilt config (#3385) (4abbf6e)
  • Bound MCP HTTP body size (#3216) (d4f4342)
  • config: Add doc/line context to parse errors (#2957) (4b097da)
  • Escape delimiter characters in applyEscape to prevent SQL injection (#2811) (932519a)
  • npm: Source binary version from cmd/version.txt (#3417) (6ffbdec)
  • prebuilt/alloydb-omni: Require password env var explicitly (#3398) (fcbe3e7)
  • server: Fail if MCP auth is enabled together with enable-api (#3435) (a6ff910)
  • server: Return errors instead of panicking in InitializeConfigs (#3397) (f48b01d)
  • source/cloudhealthcare: Validate pageURL parameter to prevent SSRF (#3453) (9abf47d)
  • source/dataplex,source/datalineage: Specify cloud-platform scope for default credentials (#3376) (13e8c36)
  • source/http: Implement SSRF guard (#3448) (24d7d29)
  • tool/bigquery-execute-sql: Prevent dataset restriction bypass (#3452) (ca6d5e3)
  • tool/mysql-get-query-plan: Prevent query execution bypass and statement injection (#3235) (7ed1e7b)
  • tool/spanner-sql,tool/spanner-execute-sql: Use read-only annotations when readOnly is set (#3338) (8bde0ec)
Check out latest releases or
releases around googleapis/mcp-toolbox v1.5.0

Don't miss a new mcp-toolbox release

NewReleases is sending notifications on new releases.

Get notifications