Skip to content

portainer/portainer-mcp

v2.42.2 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 7d MCP SaaS Integrations
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai containerization llm mcp mcp-server portainer

Affected surfaces

auth

Summary

AI summary

Env values are now redacted by default and tool annotations indicate read‑only status.

Changes in this release

Feature Medium

Redacts environment variable values in all responses before sending to the model.

Redacts environment variable values in all responses before sending to the model.

Source: llm_adapter@2026-05-28

Confidence: high
Feature Medium

Adds `readOnlyHint` annotation to every generated tool indicating read-only status.

Adds `readOnlyHint` annotation to every generated tool indicating read-only status.

Source: llm_adapter@2026-05-28

Confidence: high
Bugfix Medium

Re‑serialises JSON proxy responses to remove whitespace and enforce consistent key ordering when redaction is active.

Re‑serialises JSON proxy responses to remove whitespace and enforce consistent key ordering when redaction is active.

Source: llm_adapter@2026-05-28

Confidence: low
Full changelog

Targets Portainer 2.42.x. Patch release on the 2.42 line.

Added

  • Env value redaction on every response. Stack, container, and Kubernetes env values are rewritten to [REDACTED] before leaving the MCP tool boundary, so secrets don't leak into the model's context just because a tool happened to include them. Redaction runs before JMESPath select, so a projection like select="Env[0].value" lands on the sentinel. The response carries a one-line summary naming the toggle. Set PORTAINER_EXPOSE_ENV_VALUES=1 to disclose; the posture is logged at startup. Covers Portainer Env/EnvVars pairs, Docker "KEY=VAL" strings, and Kubernetes env[].value; K8s valueFrom references are preserved. See #61.
  • readOnlyHint tool annotation. Every generated tool now carries the MCP readOnlyHint annotation so clients can relax approval prompts for non-mutating calls. Spec-derived tools derive it from the HTTP method (GET/HEAD read-only, everything else a write); docker_proxy / kubernetes_proxy track PORTAINER_READ_ONLY. The hint is a client-side UX signal, not enforcement.

Changed

  • Proxy responses (docker_proxy, kubernetes_proxy) are now re-serialised through json.dumps whenever they're JSON and the redaction posture is active (the default). Output is byte-identical for the model but no longer preserves upstream whitespace or key ordering. Non-JSON bodies (logs, stats, error pages) still pass through verbatim.

Full Changelog: https://github.com/portainer/portainer-mcp/compare/2.42.1...2.42.2

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track portainer/portainer-mcp

Get notified when new releases ship.

Sign up free

About portainer/portainer-mcp

Portainer MCP server

All releases →

Related context

Earlier breaking changes

  • v2.42.1 Breaks `make dev` to now require PORTAINER_MCP_AUTH_TOKEN for local HTTP loop.

Beta — feedback welcome: [email protected]