[ca] Update MCP Gateway from v0.2.12 to v0.2.14 #24663
Description
Summary
MCP Gateway (gh-aw-mcpg) has two new releases since our pinned version. Updated DefaultMCPGatewayVersion from v0.2.12 → v0.2.14 in pkg/constants/version_constants.go and ran make recompile to regenerate 181 workflow lock files.
- Previous: v0.2.12
- New: v0.2.14 (via v0.2.13)
- Timeline: v0.2.13 released 2026-04-04, v0.2.14 released 2026-04-05
Changes
v0.2.13 — 2026-04-04
Features
- OpenTelemetry OTLP trace export from MCP Gateway and proxy — feat: OpenTelemetry OTLP trace export from MCP Gateway and proxy gh-aw-mcpg#3178
- Configurable
MCP_GATEWAY_SESSION_TIMEOUTenv var for unified/mcpstateful sessions (default:2h) — [Repo Assist] feat(envutil): add GetEnvDuration + configurable MCP_GATEWAY_SESSION_TIMEOUT gh-aw-mcpg#3068, docs: document MCP_GATEWAY_SESSION_TIMEOUT environment variable gh-aw-mcpg#3153
Security
- Stricter auth validation: malformed
Authorizationheaders now return HTTP 400; unknown TOML fields rejected at startup; API keys are now randomly generated — fix: compliance gaps — HTTP 400 for malformed auth headers, reject unknown TOML fields, random API key generation gh-aw-mcpg#3097 - Direct API bypass detection in integrity audit + reusable MCP routing constraint — W-1: Detect direct API bypass in integrity audit + add reusable MCP routing constraint gh-aw-mcpg#3134
- Pre-emptive guard coverage for 5 workflow run cancel/rerun operations — Add pre-emptive guard coverage for 5 workflow run cancel/rerun operations gh-aw-mcpg#3095
create_agent_taskcorrectly classified as read-write blocked — Guard coverage: classifycreate_agent_taskas read-write and blocked gh-aw-mcpg#3139
Bug Fixes
- Resolved duplicate test declarations in server package — fix: resolve duplicate test declarations in server package gh-aw-mcpg#3098
v0.2.14 — 2026-04-05
Features
- OpenTelemetry OTLP tracing per spec §4.1.3.6 (v1.11.0); configurable via
opentelemetryTOML key — feat: Support spec v1.11.0 — OpenTelemetry OTLP tracing configuration (§4.1.3.6) gh-aw-mcpg#3188 - Extended default
MCP_GATEWAY_SESSION_TIMEOUTfrom 2 hours to 6 hours, reducing unexpected session expiration in long-running agentic workflows — feat: raise default MCP_GATEWAY_SESSION_TIMEOUT from 2h to 6h gh-aw-mcpg#3201
View All Other Tools Status
| Tool | Current | Latest | Status |
|---|---|---|---|
| GitHub MCP Server | v0.32.0 | v0.32.0 | up-to-date |
| Playwright MCP | 0.0.70 | 0.0.70 | up-to-date |
| Playwright Browser | v1.59.1 | v1.59.1 | up-to-date |
| Claude Code | latest (npm: 2.1.92) | — | pinned to latest |
| Copilot CLI | latest (npm: 1.0.18) | — | pinned to latest |
| Codex | latest (npm: 0.118.0) | — | pinned to latest |
Impact Assessment
- Risk: Low — patch/minor releases with additive features and security hardening
- Breaking Changes: None
- Affected: All compiled agentic workflows using MCP Gateway container (181 lock files updated)
- Security: Multiple security improvements in v0.2.13 make this a recommended update
Package Links
- Repository: https://github.com/github/gh-aw-mcpg
- v0.2.13 Release Notes: https://github.com/github/gh-aw-mcpg/releases/tag/v0.2.13
- v0.2.14 Release Notes: https://github.com/github/gh-aw-mcpg/releases/tag/v0.2.14
- Docker Image:
ghcr.io/github/gh-aw-mcpg:v0.2.14
References:
Generated by CLI Version Checker · ● 189.9K · ◷
- expires on Apr 7, 2026, 4:26 AM UTC
Metadata
Metadata
Type
Fields
Give feedbackNo fields configured for issues without a type.