Skip to content

r33drichards/mcp-js

v0.6.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

javascript mcp mcp-server

Affected surfaces

auth

Summary

AI summary

Removed --secure-sessions; use --jwks-url with header‑based sessions instead.

Full changelog

What's Changed

  • Remove --secure-sessions, simplify to --jwks-url + header-based sessions by @r33drichards in https://github.com/r33drichards/mcp-js/pull/106
  • feat(ci): add aarch64-linux binary to release workflow by @r33drichards in https://github.com/r33drichards/mcp-js/pull/108

Full Changelog: https://github.com/r33drichards/mcp-js/compare/v0.5.2...v0.5.3

Breaking Changes

  • Removed the `--secure-sessions` flag; migration requires using `--jwks-url` and header‑based sessions.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track r33drichards/mcp-js

Get notified when new releases ship.

Sign up free

About r33drichards/mcp-js

A Javascript code execution sandbox that uses v8 to isolate code to run AI generated javascript locally without fear. Supports heap snapshotting for persistent sessions.

All releases →

Related context

Earlier breaking changes

  • v0.11.0 Switch license from ISC to GNU Affero General Public License v3

Beta — feedback welcome: [email protected]