Release date 2026/06/04
Fixed stale tools cache after full-sync reconfigure (e.g. deck sync), causing tools/list to return empty results.
Fixed an issue where converted HTTPS MCP tool calls lost the original forwarded port on the internal TLS Unix socket.
Release date 2026/05/25
Fixed an issue where raw non-200 upstream responses triggered misleading MCP body parse warnings.
Fixed an issue where, since 3.14, call tools converted from API could fail when Kong used a self-signed certificate.
Fixed an issue where tool id might be repeated.
Release date 2026/04/28
Fixed an issue where WWW-Authenticate: Bearer error=”insufficient_scope” header was not emitted.
Release date 2026/04/07
Added support for ACL with OAuth claim.
Added support for session sharing and active notice when doing MCP conversion.
Fixed an issue where the latest 2025-11-25 spec defines the Authorization error codes which are different from ours.
Fixed an issue where ACL denial caused parsing body failure.
Fixed an issue where the ACL metric label value was incorrect.
Fixed an issue where tools/list could expose tools to consumers denied by tool ACL in listener mode.
Fixed an issue where we didn’t keep the port after MCP conversion.
Fixed an issue where we have not reported metrics to konnect since 3.13.
Fixed an issue where PATCHing the tool caused an error.
reduced tool cache build time and avoided long blocking.
Release date 2026/05/05
Fixed an issue where ACL denial caused parsing body failure.
Fixed an issue where we didn’t keep the port after MCP conversion.
Release date 2026/04/08
Fixed an issue where the latest 2025-11-25 spec defines the Authorization error codes which are different from ours.
Fixed an issue where the ACL metric label value was incorrect.
Fixed an issue where we have not reported metrics to konnect since 3.13.
Release date 2026/02/01
Fixed an issue where tools/list could expose tools to consumers denied by tool ACL in listener mode.
Fixed an issue where PATCHing the tool caused an error.
Release date 2025/12/18
Added support for MCP ACL control.
Added support for cookie in OpenAPI spec when doing MCP conversion.
Added support for structured output from MCP conversion.
Fixed an issue where path traversal can be done with path parameter.
Fixed an issue where MCP server could not call upstream when proxy protocol is used.
Fixed an issue where failing to fetch tools cache was not handled properly.
Fixed an issue where forwarding client headers to upstream could not be disabled.
Fixed an issue where trusted ip relative headers were forwarded upstream.
Fixed an issue where tools/call could accept malformed requests and generate wrong responses.
Fixed an issue where path invalid error was not handled properly.
Fixed an issue where we could not override the upstream’s scheme when converting MCP tool to RESTful API.
Fixed an issue where MCP server could not call upstream when self-signed certificate is used in Kong.
Fixed an issue where mcp proxy is not parsing default values properly.
Fixed an issue when using passthrough-mode, tools without tool ACL do not apply default ACL.
Release date 2026/02/26
Fixed an issue where path traversal can be done with path parameter.
Fixed an issue where PATCHing the tool caused an error.
Release date 2025/12/10
Fixed an issue where failing to fetch tools cache was not handled properly.
Fixed an issue where trusted ip relative headers were forwarded upstream.
Fixed an issue where tools/call could accept malformed requests and generate wrong responses.
Fixed an issue where path invalid error was not handled properly.
Fixed an issue where we could not override the upstream’s scheme when converting MCP tool to RESTful API.
Release date 2025/11/18
Fixed an issue where MCP server could not call upstream when proxy protocol is used.
Fixed an issue where forwarding client headers to upstream could not be disabled.
Fixed an issue where MCP server could not call upstream when self-signed certificate is used in Kong.