Release date 2026/07/02
Bugfix
-
Fixed an issue where raw non-200 upstream responses triggered misleading MCP body parse warnings.
-
Fixed an issue where the
WWW-Authenticate: Bearer error="insufficient_scope"header was not emitted. -
Fixed an issue where internal unix-socket subrequests lost the original client IP address, causing IP-aware plugins like IP Restriction to reject legitimate requests.
-
Fixed an issue where, since 3.14, call tools converted from API could fail when Kong used a self-signed certificate.
-
Fixed an issue where the tool ID might be repeated.
-
Fixed an issue where empty JSON arrays in MCP server responses were rewritten to empty objects when the plugin re-encoded the body for ACL list filtering.
-
Fixed stale tools cache after full-sync reconfigure (e.g.
deck sync), causingtools/listto return empty results.