diff --git a/CHANGELOG.md b/CHANGELOG.md index c092bcb..01ac79f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,26 @@ +## v0.25.0 (2025-11-05) + +### BREAKING CHANGE + +- All OAuth deployments must be reconfigured to specify +resource URIs (NEXTCLOUD_MCP_SERVER_URL and NEXTCLOUD_RESOURCE_URI) and +choose between multi-audience or token exchange mode. + +### Feat + +- Implement ADR-005 unified token verifier to eliminate token passthrough vulnerability + +### Fix + +- Implement proper OAuth resource parameters and PRM-based discovery +- Simplify token verifier to be RFC 7519 compliant +- Use Keycloak client ID for NEXTCLOUD_RESOURCE_URI in token exchange +- Correct OAuth token audience validation for multi-audience mode + +### Refactor + +- Eliminate duplicate validation logic in UnifiedTokenVerifier + ## v0.24.1 (2025-11-04) ### Fix diff --git a/charts/nextcloud-mcp-server/Chart.yaml b/charts/nextcloud-mcp-server/Chart.yaml index 0330f5b..1537807 100644 --- a/charts/nextcloud-mcp-server/Chart.yaml +++ b/charts/nextcloud-mcp-server/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: nextcloud-mcp-server description: A Helm chart for Nextcloud MCP Server - enables AI assistants to interact with Nextcloud type: application -version: 0.24.1 -appVersion: "0.24.1" +version: 0.25.0 +appVersion: "0.25.0" keywords: - nextcloud - mcp diff --git a/pyproject.toml b/pyproject.toml index d0223e0..188f90b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "nextcloud-mcp-server" -version = "0.24.1" +version = "0.25.0" description = "Model Context Protocol (MCP) server for Nextcloud integration - enables AI assistants to interact with Nextcloud data" authors = [ {name = "Chris Coutinho", email = "chris@coutinho.io"} diff --git a/uv.lock b/uv.lock index cba465f..871e4ea 100644 --- a/uv.lock +++ b/uv.lock @@ -975,7 +975,7 @@ wheels = [ [[package]] name = "nextcloud-mcp-server" -version = "0.24.1" +version = "0.25.0" source = { editable = "." } dependencies = [ { name = "aiosqlite" },