This is an automated email from the ASF dual-hosted git repository.

aminghadersohi pushed a change to branch oss-39604
in repository https://gitbox.apache.org/repos/asf/superset.git

at 60c1fd93882 fix(mcp): replace MCPJWTVerifier with JWTVerifier after browser-hello revert

This branch includes the following new commits:

new 20ab9277ab3 fix(mcp): create ApiKey permissions on init and support API keys with JWT auth
new 34c76e54598 fix(mcp): wire composite verifier and add ApiKey permission sync
new 9bc0065646f fix(mcp): add type annotations to test fixtures and parameters
new 6e362f95039 fix(mcp): remove prefixes from log to satisfy CodeQL
new 86587178401 fix(mcp): validate API keys via FastMCP AccessToken and lock down ApiKey perms
new e67c7cd5986 refactor(mcp): hoist API key auth imports to module top
new 90969bff322 fix(security): drop redundant explicit ApiKey perm creation
new 2297603a9b2 refactor(mcp): hoist JWT verifier imports to module top
new 190e75e8688 Potential fix for pull request finding
new 5966d689576 fix(mcp): fix stale patch target in auth tests and update stale docstring
new 3b622e8bf2b refactor(mcp): extract duplicated app context + sm setup into helper
new ce6f4c22f6e fix(mcp): harden auth — PermissionError propagation, passthrough client_id guard, fail-closed on missing token
new c4377b524f0 refactor(mcp): delegate load_user_with_relationships to SecurityManager.find_user_with_relationships
new 6b0fda96bf4 fix(mcp): fix stale patch target in auth tests and update stale docstring
new a33d5cf815f fix(mcp): validate api_key_prefixes in CompositeTokenVerifier — filter empty/non-string entries
new dc17712916b fix(mcp): fix stale patch target in auth tests and update stale docstring
new 3d817bb23be fix(mcp): normalize FAB_API_KEY_PREFIXES from config before passing to CompositeTokenVerifier
new bfad0590049 fix(mcp): address CodeQL security warnings and add ApiKey RBAC regression test
new 776fa9f1d5f fix(mcp): remove sensitive values from log calls to satisfy CodeQL
new c57a4988f12 fix(mcp): use class-bound attribute in joinedload for group roles
new dc3ce1eec8b fix(mcp): address dpgaspar review — imports, types, exception scope
new 6e205dea133 fix(mcp): remove sensitive values from log calls to satisfy CodeQL
new 8e4f7aa2bd2 fix(mcp): update security_manager patch target in RBAC tests
new 28bf9717cf6 fix(mcp): address Codex review — error class, fail-open, DRY permission logic
new 29c5c466455 fix(mcp): update security_manager patch target in tool-search tests
new 8165dbb0eab fix(mcp): broaden _log_user_resolution_failure type hint
new 0d1a4217616 fix(mcp): fix MCPPermissionDeniedError handler order and visibility test patch targets
new 51b20579230 fix(mcp): remove exc_info=True from tool-visibility debug log to prevent traceback-based credential leak
new a9459e87716 fix(mcp): use consistent filter() style for email lookup in find_user_with_relationships
new 60c1fd93882 fix(mcp): replace MCPJWTVerifier with JWTVerifier after browser-hello revert

The 30 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.