This release includes breaking changes for platform teams planning a safe upgrade.
Published 2mo
MCP Developer Tools
✓ No known CVEs patched
✓ No known CVEs patched in this version
Topics
ai-agents
anthropic
api-gateway
api-to-mcp
chatgpt
claude
+14 more
database
gemini
graphql
llm-tools
mcp
mcp-gateway
mcp-middleware
mcp-proxy
mcp-server
model-context-protocol
openapi
rest
self-hosted
soap
Affected surfaces
auth
Summary
AI summaryProactive OAuth2 token refresh adds automatic pre‑expiry renewal and session management clears stale JWTs on 401.
Full changelog
What's new
Proactive OAuth2 token refresh
- Tokens are now refreshed automatically before they expire (5-minute buffer), so AI clients never encounter a 401 due to token expiration
- Per-connector refresh mutex prevents concurrent refresh storms
McpClientEnginenow uses the sharedOAuth2TokenServicewith DB persistence (removed duplicate logic)expiresAttimestamp is stored at initial OAuth grant for accurate expiry tracking
Frontend session management
- Saved JWT is validated against the backend on page load — stale tokens are cleared immediately
- Auto-logout on 401: if any API call returns Unauthorized, the user is redirected to login
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About AnythingMCP
All releases →Related context
Beta — feedback welcome: [email protected]