Released on 2026-01-08
New Features
MCP Proxy Apps
MCP Proxy supports HTTP streaming transport for communicating with upstream MCP servers. You can configure proxy apps to forward requests to upstream MCP servers over streaming connections, enabling bidirectional message streaming with proper correlation and graceful connection lifecycle management.
Inbound Authorization Policy Support
MCP Proxy supports inbound authorization policies using OPA (Open Policy Agent), similar to MCP Bridge apps. You can define authorization policies that evaluate incoming requests based on headers, MCP tool information, and JWT claims, enabling fine-grained access control for proxy endpoints.
Outbound Authorization Policy Support
MCP Proxy supports multiple outbound authorization modes, including token exchange (RFC 8693) and static bearer tokens. When token exchange is configured, the proxy automatically exchanges inbound tokens for upstream-specific tokens with proper scope mappings. You can a allow unprotected passthrough for specific use cases.
Custom Upstream TLS Configuration
MCP Proxy apps can be configured with custom TLS settings for upstream connections. This enables connections to upstream servers with certificates signed by custom CAs or when mutual TLS (mTLS) is required.
Observability Capabilities
MCP Proxy provides observability capabilities for tool listing failures, upstream server availability, and session management. The proxy delivers clear error messages when tool listing fails or when upstream servers are unavailable, helping administrators diagnose connection issues more effectively. Session management supports both stateful and stateless session modes.
Learn More about: MCP Proxy Apps
Resolved Issues
SAML Applications
This release resolves an issue SAML where the signing configurations were producing invalid XML that failed schema validation. This caused authentication workflows to fail when using SAML applications configured to sign the response only, or both the response and assertion.
The fix ensures that all SAML responses generated with app-level signing settings now conform to the SAML Response schema specification, allowing authentication flows to complete successfully.