ViperJuice/mcp-gateway

v1.12.0 Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 1mo MCP Servers

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Affected surfaces

auth

Summary

AI summary

Redacted bearer query parameters to prevent credential leakage.

Full changelog

Added

Added an offline AUTHSOAK release-gate matrix for local API-key auth,
remote bearer-header placeholders, remote auth challenges, insufficient
scopes, URL-mode elicitation, malicious auth URLs, and non-secret
status/doctor/feedback evidence.

Changed

Tightened operator auth documentation for env-store scope selection, remote
header placeholders, URL-mode non-goals, redaction limits, and HTTP endpoint
exposure expectations.

Fixed

Redacted bearer= query parameter values anywhere auth URLs are sanitized or
rendered in diagnostics.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ViperJuice/mcp-gateway

Get notified when new releases ship.

About ViperJuice/mcp-gateway

A meta-server for minimal Claude Code tool bloat with progressive disclosure and dynamic server provisioning. Exposes 9 stable meta-tools, auto-starts Playwright and Context7, and can dynamically provision 25+ MCP servers on-demand from a curated manifest.

All releases →