Skip to content

CHANGELOG.md

Latest commit

 

History

History
804 lines (676 loc) · 43.3 KB

CHANGELOG.md

File metadata and controls

804 lines (676 loc) · 43.3 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

  • New MCP Tool: list_project_members - List members and groups of a Redmine project
    • Returns user/group info along with assigned roles
    • Supports both numeric project IDs and string identifiers
  • New MCP Tools: Time Tracking - Full time entry management
    • list_time_entries - List time entries with filtering by project, issue, user, and date range
    • create_time_entry - Log time against projects or issues with activity and date support
    • update_time_entry - Modify existing time entries (hours, comments, activity, date)
    • list_time_entry_activities - Discover available activity types (Development, Design, etc.) for time entry creation
    • All tools support pagination and use _get_redmine_client() for OAuth compatibility
  • 50 new unit tests for project members and time tracking tools (test_project_members.py, test_time_entries.py)
  • 26 new integration tests covering all 21 MCP tools with zero skips — includes project members (4), time entries (7), custom fields (3), search issues (3), summarize project (3), global search (4), and cleanup (2)
  • OAuth2 per-user authentication mode (REDMINE_AUTH_MODE=oauth)
    • New oauth_middleware.py: Starlette middleware that validates Authorization: Bearer <token> headers against Redmine's /users/current.json before forwarding MCP requests
    • Per-request token isolation via contextvars.ContextVar — safe under async concurrent load
    • GET /.well-known/oauth-protected-resource endpoint (RFC 8707) — points MCP clients to the authorization server
    • GET /.well-known/oauth-authorization-server endpoint (RFC 8414) — advertises Redmine's Doorkeeper OAuth endpoints (/oauth/authorize, /oauth/token, /oauth/revoke) since Redmine does not serve this document itself
    • POST /revoke endpoint (RFC 7009) — proxies token revocation to Redmine's /oauth/revoke, enabling proper disconnect flow from MCP clients
    • PKCE (S256) and both client_secret_post / client_secret_basic token endpoint auth methods advertised
    • Requires Redmine 6.1+ (Doorkeeper OAuth2 support)
  • REDMINE_AUTH_MODE environment variable — selects legacy (default) or oauth mode; legacy mode is unchanged so existing deployments require no changes
  • REDMINE_MCP_BASE_URL environment variable — public base URL of this server, used in OAuth discovery documents (only required in oauth mode)
  • _get_redmine_client() factory function in redmine_handler.py — creates a per-request Redmine client using OAuth token → API key → username/password priority; replaces the module-level shared client
  • 33 new unit tests for OAuth middleware, discovery endpoints, token revocation, and auth selection logic (tests/test_oauth_middleware.py)
  • Prompt Injection Protection - User-controlled content from Redmine is now wrapped in unique boundary tags to prevent prompt injection attacks against LLM consumers
    • New wrap_insecure_content() function wraps non-empty strings in <insecure-content-{boundary}> tags with a random 16-character hex boundary per call
    • Applied to 6 helper functions: _issue_to_dict (description), _issue_to_dict_selective (description), _journals_to_list (notes), _resource_to_dict (excerpt), _wiki_page_to_dict (text), _version_to_dict (description)
    • 22 new tests in test_prompt_injection.py
  • Read-Only Mode - Block all write operations via REDMINE_MCP_READ_ONLY=true environment variable
    • Guards 5 write tools: create_redmine_issue, update_redmine_issue, create_redmine_wiki_page, update_redmine_wiki_page, delete_redmine_wiki_page
    • Read tools (get_redmine_issue, list_redmine_projects, list_redmine_issues, etc.) remain fully functional
    • Local operations (cleanup_attachment_files) are not restricted
    • 15 new tests in test_read_only_mode.py
    • Updated .env.example and .env.docker with REDMINE_MCP_READ_ONLY variable
  • Journal Pagination on get_redmine_issue - New journal_limit and journal_offset parameters for paginating through issue journals
    • When journal_limit is set, response includes journal_pagination metadata (total, offset, limit, count, has_more)
    • Default behavior unchanged (returns all journals without pagination metadata)
    • 9 new tests covering limit, offset, combined pagination, edge cases, and backward compatibility
  • Include Flags on get_redmine_issue - Three new boolean parameters for fetching additional issue data
    • include_watchers (default: false) - Returns watcher list with id and name
    • include_relations (default: false) - Returns issue relations with id, issue_id, issue_to_id, relation_type
    • include_children (default: false) - Returns child issues with id, subject, tracker
    • All flags default to false for backward compatibility
    • Include parameters are passed to the Redmine API for server-side inclusion
    • 11 new tests covering all flags, combinations, missing attributes, and structure validation

Breaking

  • Removed list_my_redmine_issues - Deprecated since v0.11.0. Use list_redmine_issues(assigned_to_id='me') instead.
    • All references in docstrings updated to point to list_redmine_issues()

Fixed

  • Custom routes (well-known endpoints) not served at runtimemcp.run() created a fresh internal app discarding route registrations; switched to uvicorn.run(app, ...) so the decorated app instance is always what serves requests
  • REDMINE_URL KeyError at import timeoauth_middleware.py now uses os.environ.get() instead of os.environ[], so the server starts cleanly even if REDMINE_URL is not set before import
  • Legacy client recreated on every tool call_get_redmine_client() now caches a singleton _legacy_client in legacy mode instead of building a new Redmine() instance per request
  • OAuth routes exposed in legacy mode — well-known endpoints and /revoke are now only registered when REDMINE_AUTH_MODE=oauth

Changed

  • main() now runs via uvicorn.run(app, ...) directly instead of mcp.run(transport="streamable-http") to ensure custom route registrations are preserved

Improved

  • Code Quality - Added .flake8 config for Black compatibility (E203 ignore)

Contributors

  • @mihajlovicjj — OAuth2 per-user authentication, /revoke endpoint, discovery endpoints, and 33 new tests (#71)
  • @mihajlovicjj — Project members and time tracking tools with 50 new tests (#72)

0.12.1 - 2026-03-05

Fixed

  • 421 Misdirected Request in Docker/public deployments (#69)
    • Pass SERVER_HOST to FastMCP so DNS rebinding protection is configured correctly
    • When host is 0.0.0.0 (Docker/public), FastMCP skips auto-enabling DNS rebinding protection, avoiding 421 errors for connections via public IPs

0.12.0 - 2026-02-19

Added

  • New MCP Tool: list_project_issue_custom_fields - Discover issue custom fields for a Redmine project
    • Lists custom field metadata (id, name, field_format, is_required, multiple, default_value)
    • Includes allowed values (possible_values) and tracker bindings (trackers)
    • Optional tracker_id filter to show only fields applicable to a specific tracker
    • 7 unit tests covering serialization, filtering, validation, and error handling
  • New MCP Tool: list_redmine_versions - List versions/milestones for a Redmine project
    • Filter by project_id (numeric or string identifier)
    • Optional status_filter parameter (open, locked, closed)
    • Client-side filtering with input validation
    • 18 unit tests covering helper, basic functionality, filtering, and error handling
    • 6 integration tests for project ID, string identifier, structure, filtering, and error handling
  • fixed_version_id filter documented for list_redmine_issues tool
  • Claude Desktop MCP client configuration added to README with stdio transport via FastMCP proxy
  • get_redmine_issue now supports include_custom_fields (default: true) and can return serialized issue custom_fields.
  • update_redmine_issue now supports updating custom fields by name (for example {"size": "S"}) by resolving project custom-field metadata.

Fixed

  • Required custom field handling for create_redmine_issue and update_redmine_issue (#65)
    • Auto-retry on validation errors for missing required custom fields (e.g., "cannot be blank", "is not included in the list")
    • Fills values from Redmine custom field default_value or REDMINE_REQUIRED_CUSTOM_FIELD_DEFAULTS env var
    • Opt-in via REDMINE_AUTOFILL_REQUIRED_CUSTOM_FIELDS=true environment variable
    • create_redmine_issue now accepts fields as a JSON object string for flexible custom field payloads
    • Added REDMINE_REQUIRED_CUSTOM_FIELD_DEFAULTS env var for specifying fallback values per field name
    • Updated .env.example and .env.docker with new environment variables

Breaking

  • create_redmine_issue extra_fields parameter — Previously, passing extra_fields as a plain string would forward it directly to Redmine as an attribute. Now it is parsed as a JSON object (or dict) and merged into the issue payload. Callers who relied on the old behaviour of sending a raw extra_fields string attribute should migrate to fields or provide a JSON object string instead.

Changed

  • Dependency Updates
    • black upgraded from 25.12.0 to 26.1.0
  • Improved issue update validation for named custom fields with clear errors when values are not allowed for the target custom field.

Contributors

  • @sebastianelsner — custom field discovery tool, required custom field handling, and custom field update support (#65, #66)

Improved

  • Test Coverage - 44 new unit tests for custom field helper functions (redmine_handler.py lines 474-640)
    • Covers _is_true_env, _normalize_field_label, _parse_create_issue_fields, _extract_possible_values, _extract_missing_required_field_names, _load_required_custom_field_defaults, _is_missing_custom_field_value, _is_allowed_custom_field_value, _resolve_required_custom_field_value
    • redmine_handler.py coverage improved from 94% to 97% (with integration tests)
    • Overall coverage improved from 95% to 98%
  • Documentation - Updated README and tool-reference.md
    • Tool count updated from 15 to 17
    • Added list_project_issue_custom_fields to Project Management category in README
    • Added full list_project_issue_custom_fields documentation to tool-reference.md
    • Added list_redmine_versions to Project Management category in README
    • Added full tool documentation to tool-reference.md with parameters, examples, and usage guidance
    • Documented fixed_version_id parameter for list_redmine_issues

0.11.0 - 2026-02-14

Added

  • New MCP Tool: list_redmine_issues - General-purpose issue listing with flexible filtering (#64)
    • Filter by project_id, status_id, tracker_id, assigned_to_id, priority_id, sort
    • assigned_to_id supports numeric user IDs or 'me' for the authenticated user
    • fields parameter for selective field returns to reduce token usage
    • Full pagination support with limit, offset, and include_pagination_info
    • Supports string project identifiers (e.g., "my-project") in addition to numeric IDs
  • Comprehensive Test Suite - 34 unit tests and 15 integration tests for the new tool
    • Covers filters, pagination, field selection, combined filters, error handling, and MCP parameter unwrapping
    • Integration tests verify real Redmine API behavior including sort order and field selection

Changed

  • list_my_redmine_issues refactored as a thin wrapper around list_redmine_issues(assigned_to_id='me')
    • Full backward compatibility maintained
    • All existing calls continue to work unchanged

Deprecated

  • list_my_redmine_issues - Will be removed in a future release
    • Use list_redmine_issues(assigned_to_id='me') instead
    • Wrapper delegates all parameters to list_redmine_issues

Improved

  • Documentation - Updated README and tool-reference.md
    • Tool count updated from 14 to 15
    • Tool reference now the single source of truth for tool documentation

0.10.0 - 2026-01-11

Added

  • Wiki Page Editing - Three new MCP tools for full wiki page lifecycle management
    • create_redmine_wiki_page(project_id, wiki_page_title, text, comments) - Create new wiki pages
    • update_redmine_wiki_page(project_id, wiki_page_title, text, comments) - Update existing wiki pages
    • delete_redmine_wiki_page(project_id, wiki_page_title) - Delete wiki pages
    • Includes change log comment support for create/update operations
    • 17 new tests with comprehensive error handling coverage
  • Centralized Error Handler - New _handle_redmine_error() function for consistent, actionable error messages
    • Handles 12 error types: SSL, connection, timeout, auth, forbidden, server error, validation, version mismatch, protocol, not found, and more
    • Error messages include specific error types, actionable guidance, and relevant context (URLs, resource IDs, environment variables)
    • All 10 MCP tools updated to use centralized error handling
    • 21 new tests added for comprehensive error handling coverage

Changed

  • Logging Improvements - Replaced remaining print() statements with proper logger calls throughout codebase

Improved

  • Code Coverage Target - Increased Codecov target from 70% to 80%
  • Test Coverage - Improved redmine_handler.py coverage from 93% to 99%
    • Added 29 new tests covering edge cases and error handling paths
    • Total test count increased from 302 to 331
    • Only 5 module initialization lines remain uncovered (import-time code)
  • Documentation - Added MCP architecture lessons blog post to README resources section

0.9.1 - 2026-01-04

Removed

  • BREAKING: Removed deprecated download_redmine_attachment() function
    • Was deprecated in v0.4.0 with security advisory (CWE-22, CVSS 7.5)
    • Use get_redmine_attachment_download_url() instead for secure attachment downloads

Changed

  • Dependency Updates
    • mcp[cli] pinned to >=1.25.0,<2 (from >=1.19.0) for latest stable v1.x
    • uvicorn upgraded from 0.38.0 to 0.40.0

Improved

  • Test Coverage - Improved from 76% to 88% with comprehensive test suite enhancements
  • CI/CD - Moved coverage upload from PR workflow to publish workflow

0.9.0 - 2025-12-21

Added

  • Global Search Tool - search_entire_redmine(query, resources, limit, offset) for searching across issues and wiki pages
    • Supports resource type filtering (issues, wiki_pages)
    • Server-side pagination with configurable limit (max 100) and offset
    • Returns categorized results with count breakdown by type
    • Requires Redmine 3.3.0+ for search API support
  • Wiki Page Retrieval - get_redmine_wiki_page(project_id, wiki_page_title, version, include_attachments) for retrieving wiki content
    • Supports both string and integer project identifiers
    • Optional version parameter for retrieving specific page versions
    • Optional attachment metadata inclusion
    • Returns full page content with author and project info
  • Version Logging - Server now logs version at startup

Changed

  • Logging Improvements - Replaced print() with logging module for consistent log formatting

0.8.1 - 2025-12-11

Added

  • Test Coverage Badge - Added test coverage tracking via Codecov integration
  • Unit Tests for AttachmentFileManager - Comprehensive test coverage for file management module

Changed

  • Dependency Updates - Updated core and development dependencies to latest versions
    • python-dotenv upgraded from 1.1.0 to 1.2.1
    • pytest-mock upgraded from 3.14.1 to 3.15.1
    • pytest-cov upgraded from 6.2.1 to 7.0.0
    • pytest upgraded from 8.4.0 to 9.0.2
    • uvicorn upgraded from 0.34.2 to 0.38.0
    • pytest-asyncio upgraded from 1.0.0 to 1.3.0
    • black upgraded from 25.9.0 to 25.12.0
  • CI/CD Improvements - Updated GitHub Actions dependencies
    • actions/checkout upgraded from 4 to 6
    • actions/setup-python upgraded from 5 to 6
    • actions/github-script upgraded from 7 to 8

Improved

  • Issue Management Workflows - Added GitHub issue templates and automation
    • Bug report and feature request issue templates
    • Stale issue manager workflow for automatic issue cleanup
    • Lock closed issues workflow
    • Auto-close label removal workflow
  • Dependabot Integration - Configured automated dependency updates for uv, GitHub Actions, and Docker

0.8.0 - 2025-12-08

Security

  • Removed private keys from repository - Addresses GitGuardian secret exposure alert
    • Test SSL certificates now generated dynamically in CI/CD pipeline
    • Added generate-test-certs.sh script for local and CI certificate generation
    • Updated .gitignore to exclude all generated certificate files
    • Private keys no longer stored in version control

Added

  • SSL Certificate Configuration - Comprehensive SSL/TLS support for secure Redmine connections
    • Self-Signed Certificates - REDMINE_SSL_CERT environment variable for custom CA certificates
      • Support for .pem, .crt, .cer certificate formats
      • Path validation with existence and file type checks
      • Clear error messages for troubleshooting
    • Mutual TLS (mTLS) - REDMINE_SSL_CLIENT_CERT environment variable for client certificate authentication
      • Support for separate certificate and key files (comma-separated format)
      • Support for combined certificate files
      • Compatibility with unencrypted private keys (Python requests requirement)
    • SSL Verification Control - REDMINE_SSL_VERIFY environment variable to enable/disable verification
      • Defaults to true for security (secure by default)
      • Warning logs when SSL verification is disabled
      • Development/testing flexibility with explicit configuration
    • Integration Testing - 9 comprehensive integration tests with real SSL certificates
      • Test certificate generation using OpenSSL
      • Validation of all SSL configuration scenarios
      • Certificate path resolution and error handling tests

Changed

  • Enhanced Redmine client initialization with SSL configuration support
  • Updated environment variable parsing for SSL options
  • Improved error handling for SSL certificate validation

Improved

  • Security - Secure by default with SSL verification enabled
    • Certificate path validation prevents configuration errors
    • Clear warnings for insecure configurations (SSL disabled)
    • Comprehensive logging for SSL setup and errors
  • Flexibility - Support for various SSL deployment scenarios
    • Self-signed certificates for internal infrastructure
    • Mutual TLS for high-security environments
    • Docker-compatible certificate mounting
  • Documentation - Extensive updates across all documentation:
    • README.md - New SSL Certificate Configuration section with examples
      • Environment variables table updated with SSL options
      • Collapsible sections for different SSL scenarios
      • Link to troubleshooting guide for SSL issues
    • docs/troubleshooting.md - Comprehensive SSL troubleshooting section
      • 8 detailed troubleshooting scenarios with solutions
      • OpenSSL command examples for certificate validation
      • Docker deployment SSL configuration guide
      • Troubleshooting checklist for common issues
    • docs/tool-reference.md - New Security Best Practices section
      • SSL/TLS configuration best practices
      • Authentication security guidelines
      • File handling security features
      • Docker deployment security recommendations

Fixed

  • CI/CD - Added SSL certificate generation step to PyPI publish workflow
    • Tests were failing in GitHub Actions due to missing test certificates
    • Certificate generation now runs before tests in all CI workflows

Technical Details

  • Test Coverage - Added 29 comprehensive tests (20 unit + 9 integration)
    • Unit tests for environment variable parsing and SSL configuration logic
    • Integration tests with real certificate files
    • Error handling tests for missing/invalid certificates
  • Certificate Validation - Robust path validation with clear error messages
    • Path.resolve() for symlink resolution
    • File existence and type checks
    • Original and resolved paths in error messages
  • Client Certificate Support - Flexible format handling
    • Split comma-separated paths with maxsplit=1
    • Strip whitespace from paths
    • Support both tuple and single file formats
  • Code Quality - All changes PEP 8 compliant and formatted with Black
  • Backward Compatibility - Fully compatible with existing deployments
    • SSL verification enabled by default (same as before)
    • No changes required for users without custom SSL needs
    • Optional SSL configuration for advanced scenarios

0.7.1 - 2025-12-02

Fixed

  • Critical: Redmine client initialization failure when installed via pip (#40)
    • .env file is now loaded from the current working directory first, then falls back to package directory
    • Previously, the server only looked for .env relative to the installed package location (site-packages), causing "Redmine client not initialized" errors for pip-installed users
    • Added helpful warning messages when REDMINE_URL or authentication credentials are missing
    • Removed redundant load_dotenv() call from main.py to avoid duplicate initialization

Added

  • Regression Tests - Added 8 new tests in test_env_loading.py to prevent future regressions:
    • Tests for .env loading from current working directory
    • Tests for warning messages when configuration is missing
    • Tests for CWD precedence over package directory

Migration Notes

  • No Breaking Changes - Existing configurations continue to work
  • Recommended - Place your .env file in the directory where you run the server (current working directory)
  • Fallback - If no .env found in CWD, the package directory is checked as before

0.7.0 - 2025-11-29

Added

  • Search Optimization - Comprehensive enhancements to search_redmine_issues() to prevent MCP token overflow
    • Pagination Support - Server-side pagination with limit (default: 25, max: 1000) and offset parameters
    • Field Selection - Optional fields parameter for selective field inclusion to reduce token usage
    • Native Search Filters - Support for Redmine Search API native filters:
      • scope parameter (values: "all", "my_project", "subprojects")
      • open_issues parameter for filtering open issues only
    • Pagination Metadata - Optional structured response with include_pagination_info parameter
    • Helper Function - Added _issue_to_dict_selective() for efficient field filtering

Changed

  • Default Behavior - search_redmine_issues() now returns max 25 issues by default (was unlimited)
    • Prevents MCP token overflow (25,000 token limit)
    • Use limit parameter to customize page size
    • Fully backward compatible for existing usage patterns

Improved

  • Performance - Significant improvements for search operations:
    • Memory efficient: Uses server-side pagination
    • Token efficient: Default limit keeps responses under 2,000 tokens
    • ~95% token reduction possible with minimal field selection
    • ~87% faster response times for large result sets
  • Documentation - Comprehensive updates:
    • Updated docs/tool-reference.md with detailed search parameters and examples
    • Added "When to Use" guidance (search vs list_my_redmine_issues)
    • Documented Search API limitations and filtering capabilities
    • Added performance tips and best practices

Technical Details

  • Search API Limitations - Documented that Search API supports text search with scope/open_issues filters only
    • For advanced filtering by project_id, status_id, priority_id, etc., use list_my_redmine_issues()
    • Search API does not provide total_count (pagination uses conservative estimation)
  • Test Coverage - Added 81 comprehensive unit tests:
    • 29 tests for field selection helper
    • 22 tests for pagination support - 15 tests for field selection integration
    • 15 tests for native filters
  • Code Quality - All changes are PEP 8 compliant and formatted with Black

Migration Notes

  • Fully Backward Compatible - No breaking changes for existing code
  • New Default Limit - If you need more than 25 results, explicitly set limit parameter
  • Field Selection - fields=None (default) returns all fields for backward compatibility
  • Pagination - Use include_pagination_info=True for structured responses with metadata

0.6.0 - 2025-10-25

Changed

  • Dependency Updates - Updated core dependencies to latest versions
    • fastapi[standard] upgraded from >=0.115.12 to >=0.120.0
    • mcp[cli] upgraded from >=1.14.1 to >=1.19.0

Security

  • MCP Security Fix - Includes security patch from MCP v1.19.0 (CVE-2025-62518)

Improved

  • FastAPI Enhancements - Benefits from latest bug fixes and improvements:
    • Mixed Pydantic v2/v1 mode for gradual migration support
    • Fixed StreamingResponse behavior with yield dependencies
    • Enhanced OpenAPI schema support (array values, external_docs parameter)
    • Improved Pydantic 2.12.0+ compatibility
    • Better validation error handling for Form and File parameters
  • MCP Protocol Improvements - Enhanced capabilities from latest updates:
    • Tool metadata support in FastMCP decorators
    • OAuth scope selection and step-up authorization
    • Paginated list decorators for prompts, resources, and tools
    • Improved Unicode support for HTTP transport
    • Enhanced documentation structure and testing guidance
    • Better OAuth protected resource metadata handling per RFC 9728

Notes

  • Pydantic v1 support is deprecated in FastAPI v0.119.0 and will be removed in a future version
  • All existing functionality remains backward compatible
  • No breaking changes for current users
  • Python 3.10-3.13 support maintained (Python 3.14 support available in dependencies but not yet tested in this project)

0.5.2 - 2025-10-09

Documentation

  • Major README reorganization - Comprehensive cleanup for professional, user-focused documentation
    • Created separate documentation guides:
      • docs/tool-reference.md - Complete tool documentation with examples
      • docs/troubleshooting.md - Comprehensive troubleshooting guide
      • docs/contributing.md - Complete developer guide with setup, testing, and contribution guidelines
    • Refactored MCP client configurations with collapsible <details> sections
    • Removed development-focused content from README (moved to contributing guide)
    • Streamlined README structure:
      • Cleaner Quick Start with proper navigation
      • Focused Features section (replaced "Comprehensive Testing" with "Pagination Support")
      • Removed redundant sections (Usage, Python Version Compatibility, development notes)
      • Added proper Troubleshooting and Contributing sections
      • Enhanced Additional Resources with all documentation links

Improved

  • Professional documentation structure - README now focuses purely on end-user usage
  • Better information architecture - Clear separation between user docs and developer docs
  • Enhanced discoverability - All documentation easily accessible with proper linking
  • Cleaner presentation - Collapsible sections and categorized lists reduce visual clutter
  • Industry-standard pattern - Documentation structure matches professional open-source projects

Fixed

  • Quick Start .env reference now properly links to Installation section
  • Contributing link in quick navigation now points to correct location
  • Removed duplicate and redundant information across README
  • All internal documentation links verified and corrected

0.5.1 - 2025-10-08

Documentation

  • Updated MCP client configurations - Comprehensive update to all MCP client setup instructions
    • VS Code: Added native MCP support with CLI, Command Palette, and manual configuration methods
    • Codex CLI: New section with CLI command and TOML configuration format
    • Kiro: Updated to use mcp-client-http bridge for HTTP transport compatibility
    • Generic clients: Expanded with both HTTP and command-based configuration formats
    • Removed Continue extension section (replaced by VS Code native support)
  • All configurations verified against official documentation and real-world examples

Improved

  • Enhanced README MCP client configuration section for better user experience
  • Clearer installation instructions for various MCP-compatible clients
  • More accurate configuration examples reflecting current client capabilities

0.5.0 - 2025-09-25

Added

  • Python 3.10+ support - Expanded compatibility from Python 3.13+ to Python 3.10+
  • CI/CD matrix testing across Python 3.10, 3.11, 3.12, and 3.13 versions
  • Python version compatibility matrix in documentation
  • GitHub Actions workflows for multi-version testing before PyPI publication

Changed

  • BREAKING: Minimum Python requirement lowered from 3.13+ to 3.10+
  • Updated project classifiers to include Python 3.10, 3.11, and 3.12
  • Enhanced CI/CD pipeline with comprehensive multi-version testing
  • Version bumped to 0.5.0 for major compatibility expansion

Improved

  • 10x larger potential user base with Python 3.10+ support
  • Full backward compatibility maintained across all Python versions
  • Zero source code changes required for compatibility expansion
  • Enhanced documentation with deployment-specific Python version guidance
  • Updated all metadata files (server.json, roadmap.md) for version consistency

Fixed

  • Docker deployment script now correctly uses .env.docker instead of .env
  • Maintains proper deployment compatibility (local uses .env, Docker uses .env.docker)

Technical

  • Configuration-only implementation approach for maximum safety
  • Ultra-minimal development setup (Python 3.13.1 local, CI handles multi-version)
  • All 71 tests validated across Python 3.10-3.13 via GitHub Actions
  • Maintained Docker deployment with Python 3.13 for optimal performance

0.4.5 - 2025-09-24

Improved

  • Enhanced PyPI installation documentation with step-by-step instructions
  • Simplified installation process with clearer configuration examples
  • Updated development documentation with improved setup guidance
  • Streamlined package management and dependency handling

Documentation

  • Added comprehensive PyPI installation guide as primary installation method
  • Improved environment configuration examples with practical defaults
  • Enhanced README structure for better user onboarding experience
  • Updated development workflow documentation

0.4.4 - 2025-09-23

Fixed

  • PyPI badges and links in README now point to correct package name redmine-mcp-server
  • Previously pointed to old package name mcp-redmine

0.4.3 - 2025-09-23

Added

  • MCP Registry support with server.json configuration
  • MCP server name identifier in README for registry validation

Changed

  • Updated README with registry identification metadata
  • Version bump for PyPI republication with registry validation support

0.4.2 - 2025-09-23

Added

  • PyPI package publishing support as redmine-mcp-server
  • Console script entry point: redmine-mcp-server command
  • Comprehensive package metadata for PyPI distribution
  • GitHub Actions workflow for automated PyPI publishing

Changed

  • Updated package name from mcp-redmine to redmine-mcp-server for PyPI
  • Enhanced pyproject.toml with full package metadata and classifiers
  • Added main() function for console script execution

Improved

  • Better package discoverability with keywords and classifications
  • Professional package structure following PyPI best practices
  • Automated release workflow for seamless publishing

0.4.1 - 2025-09-23

Fixed

  • GitHub Actions CI test failure in security validation tests
  • Updated test assertions to handle Redmine client initialization state properly
  • Security validation tests now pass consistently in CI environments

Improved

  • Enhanced GitHub Actions workflow with manual dispatch trigger
  • Added verbose test output for better CI debugging
  • Improved test reliability across different environments

0.4.0 - 2025-09-22

Added

  • get_redmine_attachment_download_url() - Secure replacement for attachment downloads
  • Comprehensive security validation test suite
  • Server-controlled storage and expiry policies for enhanced security

Changed

  • Updated MCP library to v1.14.1
  • Integration tests now create their own test attachments for reliability
  • Attachment files always use UUID-based directory structure

Deprecated

  • download_redmine_attachment() - Use get_redmine_attachment_download_url() instead
    • ⚠️ SECURITY: save_dir parameter vulnerable to path traversal (CWE-22, CVSS 7.5)
    • expires_hours parameter exposes server policies to clients
    • Will be removed in v0.5.0

Fixed

  • Path traversal vulnerability in attachment downloads eliminated
  • Integration test no longer skipped due to missing attachments

Security

  • CRITICAL: Fixed path traversal vulnerability in attachment downloads (CVSS 7.5)
  • Removed client control over server storage configuration
  • Enhanced logging for security events and deprecated function usage

0.3.1 - 2025-09-21

Fixed

  • Integration test compatibility with new attachment download API format
  • Test validation now properly checks HTTP download URLs instead of file paths
  • Comprehensive validation of all attachment response fields (download_url, filename, content_type, size, expires_at, attachment_id)

0.3.0 - 2025-09-21

Added

  • Automatic file cleanup system with configurable intervals and expiry times
  • AUTO_CLEANUP_ENABLED environment variable for enabling/disabling automatic cleanup (default: true)
  • CLEANUP_INTERVAL_MINUTES environment variable for cleanup frequency (default: 10 minutes)
  • ATTACHMENT_EXPIRES_MINUTES environment variable for default attachment expiry (default: 60 minutes)
  • Background cleanup task with lazy initialization via MCP tool calls
  • Cleanup status endpoint (/cleanup/status) for monitoring background task
  • CleanupTaskManager class for managing cleanup task lifecycle
  • Enhanced health check endpoint with cleanup task initialization
  • Comprehensive file management configuration documentation in README

Changed

  • BREAKING: CLEANUP_INTERVAL_HOURS replaced with CLEANUP_INTERVAL_MINUTES for finer control
  • Default attachment expiry configurable via environment variable instead of hardcoded 24 hours
  • Cleanup task now starts automatically when first MCP tool is called (lazy initialization)
  • Updated .env.example with new minute-based configuration options

Improved

  • More granular control over cleanup timing with minute-based intervals
  • Better resource management with automatic cleanup task lifecycle
  • Enhanced monitoring capabilities with cleanup status endpoint
  • Clearer documentation with practical configuration examples for development and production

0.2.1 - 2025-09-20

Added

  • HTTP file serving endpoint (/files/{file_id}) for downloaded attachments
  • Secure UUID-based file URLs with automatic expiry (24 hours default)
  • New file_manager.py module for attachment storage and cleanup management
  • cleanup_attachment_files MCP tool for expired file management
  • PUBLIC_HOST/PUBLIC_PORT environment variables for external URL generation
  • PEP 8 compliance standards and development tools (flake8, black)
  • Storage statistics tracking for attachment management

Changed

  • BREAKING: download_redmine_attachment now returns download_url instead of file_path
  • Attachment downloads now provide HTTP URLs for external access
  • Docker URL generation fixed (uses localhost instead of 0.0.0.0)
  • Dependencies optimized (httpx moved to dev/test dependencies)

Fixed

  • Docker container URL accessibility issues for downloaded attachments
  • URL generation for external clients in containerized environments

Improved

  • Code quality with full PEP 8 compliance across all Python modules
  • Test coverage for new HTTP URL return format
  • Documentation updated with file serving details

0.2.0 - 2025-09-20

Changed

  • BREAKING: Migrated from FastAPI/SSE to FastMCP streamable HTTP transport
  • BREAKING: MCP endpoint changed from /sse to /mcp
  • Updated server architecture to use FastMCP's native HTTP capabilities
  • Simplified initialization and removed FastAPI dependency layer

Added

  • Native FastMCP streamable HTTP transport support
  • Claude Code CLI setup command documentation
  • Stateless HTTP mode for better scalability
  • Smart issue summarization tool with comprehensive project analytics

Improved

  • Better MCP protocol compliance with native FastMCP implementation
  • Reduced complexity by removing custom FastAPI/SSE layer
  • Updated all documentation to reflect new transport method
  • Enhanced health check endpoint with service identification

Migration Notes

  • Existing MCP clients need to update endpoint from /sse to /mcp
  • Claude Code users can now use: claude mcp add --transport http redmine http://127.0.0.1:8000/mcp
  • Server initialization simplified with mcp.run(transport="streamable-http")

0.1.6 - 2025-06-19

Added

  • New MCP tool search_redmine_issues for querying issues by text.

0.1.5 - 2025-06-18

Added

  • get_redmine_issue can now return attachment metadata via a new include_attachments parameter.
  • New MCP tool download_redmine_attachment for downloading attachments.

0.1.4 - 2025-05-28

Removed

  • Deprecated get_redmine_issue_comments tool. Use get_redmine_issue with include_journals=True to retrieve comments.

Changed

  • get_redmine_issue now includes issue journals by default. A new include_journals parameter allows opting out of comment retrieval.

0.1.3 - 2025-05-27

Added

  • New MCP tool list_my_redmine_issues for retrieving issues assigned to the current user
  • New MCP tool get_redmine_issue_comments for retrieving issue comments

0.1.2 - 2025-05-26

Changed

  • Roadmap moved to its own document with updated plans
  • Improved README badges and links

Added

  • New MCP tools create_redmine_issue and update_redmine_issue for managing issues
  • Documentation updates describing the new tools
  • Integration tests for issue creation and update
  • Integration test for Redmine issue management

0.1.1 - 2025-05-25

Changed

  • Updated project documentation with correct repository URLs
  • Updated LICENSE with proper copyright (2025 Kevin Tan and contributors)
  • Enhanced VS Code integration documentation
  • Improved .gitignore to include test coverage files

0.1.0 - 2025-05-25

Added

  • Initial release of Redmine MCP Server
  • MIT License for open source distribution
  • Core MCP server implementation with FastAPI and SSE transport
  • Two primary MCP tools:
    • get_redmine_issue(issue_id) - Retrieve detailed issue information
    • list_redmine_projects() - List all accessible Redmine projects
  • Comprehensive authentication support (username/password and API key)
  • Modern Python project structure with uv package manager
  • Complete testing framework with 20 tests:
    • 10 unit tests for core functionality
    • 7 integration tests for end-to-end workflows
    • 3 connection validation tests
  • Docker containerization support:
    • Multi-stage Dockerfile with security hardening
    • Docker Compose configuration with health checks
    • Automated deployment script with comprehensive management
    • Production-ready container setup with non-root user
  • Comprehensive documentation:
    • Detailed README.md with installation and usage instructions
    • Complete API documentation with examples
    • Docker deployment guide
    • Testing framework documentation
  • Git Flow workflow implementation with standard branching strategy
  • Environment configuration templates and examples
  • Advanced test runner with coverage reporting and flexible execution

Technical Features

  • Architecture: FastAPI application with Server-Sent Events (SSE) transport
  • Security: Authentication with Redmine instances, non-root Docker containers
  • Testing: pytest framework with mocks, fixtures, and comprehensive coverage
  • Deployment: Docker support with automated scripts and health monitoring
  • Documentation: Complete module docstrings and user guides
  • Development: Modern Python toolchain with uv, Git Flow, and automated testing

Dependencies

  • Python 3.13+
  • FastAPI with standard extensions
  • MCP CLI tools
  • python-redmine for Redmine API integration
  • Docker for containerization
  • pytest ecosystem for testing

Compatibility

  • Compatible with Redmine 3.x and 4.x instances
  • Supports both username/password and API key authentication
  • Works with Docker and docker-compose
  • Tested on macOS and Linux environments