This release improves MCP server authentication by automatically attempting OAuth discovery when servers return an auth rejected error, and fixes same-origin request failures in chat sessions.
Features
CLI commands tab in OpenAPI version update modal#1624 - Added a CLI commands tab to the OpenAPI version update modal for quick access to CLI-based update workflows. (Author: @simplesagar )
Bug fixes
OAuth discovery for MCP servers returning AuthRejectedError#1597 - When an MCP server returns a 401 without a
header, the platform now attempts OAuth discovery instead of silently skipping authentication setup. This fixes the missing authentication section for catalog MCP servers that don't implement OAuth 2.1 natively. (Author: @simplesagar )
Same-origin requests in chat sessions CORS#1616 - Fixed "Origin does not match audience claim" errors for same-origin requests. The middleware now validates the Host header against audience claims when the Origin header is absent, allowing legitimate same-origin requests while still preventing cross-origin bypass attacks. (Author: @adaam2 )
