Skip to content

v0.21.0

Latest
Latest

Choose a tag to compare

View all tags
@sooperset sooperset released this 02 Mar 07:49
· 4 commits to main since this release
v0.21.0
c450a16
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

This release adds 4 new tools (sprint management, page moves, page diffs, comment replies), OAuth proxy support, markdown table rendering, and multiple content processing fixes.

✨ Features

Jira

  • Sprint Management: Move issues between sprints with the new jira_add_issues_to_sprint tool (#1078)
  • Cloud Search Pagination: jira_search now returns next_page_token for cursor-based pagination on Cloud (#1079)
  • Field Options Filtering: jira_get_field_options supports contains, return_limit, and values_only params for targeted lookups (#1074)
  • Markdown Tables: Markdown tables in descriptions and comments are now converted to native ADF table nodes on Cloud (#1089)

Confluence

  • Move Pages: Relocate pages between parents or spaces with the new confluence_move_page tool (#1080)
  • Page Version Diff: Compare two page versions with the new confluence_get_page_diff tool (#1083)
  • Comment Replies: Reply to existing comments with the new confluence_reply_to_comment tool (#1070)
  • Page Width Layout: Library-level support for controlling page width (default / full-width) on Cloud. Available via the Confluence fetcher API; MCP tool integration planned for a future release (#1091)
  • Server/DC User Search: confluence_search_user now supports Server/DC via group member fallback (#1081)

Authentication

  • OAuth Proxy: Opt-in OAuth 2.0 proxy with Dynamic Client Registration (DCR), PKCE, consent flow, and grant type hardening (#1054)
  • Header Auth Bypass: New IGNORE_HEADER_AUTH env var to ignore proxy-injected Authorization headers and use server-configured credentials (#1073)

🐛 Fixed

Jira

  • Code Block Corruption: {code} and {noformat} blocks in Server/DC wiki markup are now protected from markup conversion corruption (#1059)
  • Custom Field Preservation: Complex custom field values (nested objects, arrays) are no longer silently converted to strings (#1058)
  • Panel Block Handling: {panel} blocks and bare URLs in wiki markup are now correctly converted to markdown (#1055)
  • Field Name Matching: fixVersions, issuetype, and other API field names are now correctly recognized in should_include_field checks, fixing field exclusion when users request specific fields (#1076)

Preprocessing

  • Code Span Truncation: Inline code spans (<code>) are no longer broken by HTML content truncation (#1094)

🔒 Security

  • URL Validation Bypass: Prevented SSRF allowlist bypass where evil-atlassian.net could match the atlassian.net domain check — now uses strict .{domain} suffix matching (#1087)

Contributors

Thanks to @Poggen, @Troubladore, @djb2c, @Lama9, @iiiokojiadbi, @Arbuzov, @solganik, @johnny, @pibylick, @nulvox, @yliu, and @reneleonhardt!

Full Changelog: v0.20.1...v0.21.0

Contributors

johnny, solganik, and 10 other contributors
Assets 2
Loading