upstash/context7

v@upstash/[email protected] Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 2d MCP Developer Tools

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

llm mcp mcp-server vibe-coding

Affected surfaces

auth rbac

Summary

AI summary

Adds multi‑tenant Entra ID token validation for MCP

Type	Severity	Summary	CVE
Feature	Medium	Adds multi‑tenant Entra ID validation for MCP tokens. Adds multi‑tenant Entra ID validation for MCP tokens. Source: llm_adapter@2026-06-01 Confidence: high	—
Performance	Low	Implements per-tenant JWKS cache and 5-minute config cache to reduce overhead under load. Implements per-tenant JWKS cache and 5-minute config cache to reduce overhead under load. Source: granite4.1:30b@2026-06-01-audit Confidence: low	—

Full changelog

1fb2d42: Add multi-tenant Microsoft Entra ID validation for MCP tokens. The server now detects inbound Entra v2 tokens by issuer pattern, fetches per-teamspace configuration (tenantId, audience, requiredScope) from the Context7 app, and verifies the token against the matching tenant's JWKS, enforcing the required scope claim when configured. User resolution happens downstream in the Context7 app against a pre-provisioned user mapping table — the MCP server only validates. Per-tenant JWKS cache and a 5-minute in-memory config cache keyed by JWT audience reduce overhead under load.

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track upstash/context7

Get notified when new releases ship.

About upstash/context7

Up-to-date code documentation for LLMs and AI code editors.