Evan Rusackas
|
568f34d6d8
|
fix(mcp): enforce audience, algorithm, issuer binding, and token scopes (strict mode) (#40653)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-09 11:08:20 -07:00 |
|
Amin Ghadersohi
|
7d69f76127
|
fix(mcp): API key authentication for MCP — transport, validation, and RBAC (#39604)
|
2026-06-04 15:04:43 -04:00 |
|
Evan Rusackas
|
ca8855dc03
|
fix(mcp): generic auth errors, required token expiry, and safer auth logging (#40646)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-02 08:31:05 -07:00 |
|
Evan Rusackas
|
817a35f445
|
fix(mcp): deny deactivated user accounts in MCP authentication (#40631)
Co-authored-by: Claude Code <noreply@anthropic.com>
|
2026-06-01 22:08:29 -07:00 |
|
Amin Ghadersohi
|
85935b0b88
|
fix(mcp): handle SSL connection drop during pre-call session teardown (#39917)
|
2026-05-12 02:32:14 -04:00 |
|
Elizabeth Thompson
|
98eaaaa6d6
|
fix(mcp): clear stale thread-local DB session in sync tool wrapper (#39798)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-05-01 09:24:48 -07:00 |
|
Amin Ghadersohi
|
92747246fc
|
fix(mcp): remove JWT ValueError g.user fallback in auth layer (#39106)
|
2026-04-06 12:35:46 -04:00 |
|
Amin Ghadersohi
|
38fdfb4ca2
|
fix(mcp): prevent stale g.user from causing user impersonation across tool calls (#38747)
|
2026-03-30 14:23:46 -04:00 |
|