What's Changed
- JwtBuilderFilter Creates a JSON Web Token (JWT) with runtime data and puts the JWT by @maximthomas in #145
- OpenAPI/Swagger Validates inbound HTTP requests and outbound HTTP responses against an OpenAPI specification (Swagger 2.x or OpenAPI 3.x) by @maximthomas in #150
- LLMPromptGuardFilter Intercepts outgoing LLM API requests and scans every prompt for prompt-injection attacks before the request reaches the downstream model. Implements mitigations for OWASP LLM Top 10 (2025) risks LLM01 (Prompt Injection) and LLM07 (System Prompt Leakage) by @maximthomas in #148
- LLMProxyFilter controls token usage per user by @maximthomas in #146
- MCPServerFeaturesFilter enforces allow/deny policies for MCP (Model Context Protocol): features exchanged as JSON-RPC payloads with an MCP server. It inspects both incoming requests and outgoing responses and removes or rejects features according to the configured rules by @maximthomas in #144
- CVE-2026-24308 Apache ZooKeeper has improper handling of configuration values by @dependabot[bot] in #147
- Update build.yml add JDK 26 support by @vharseko in #152
- Update OpenAM dependency version to 16.0.6 by @vharseko in #151
Full Changelog: 6.0.2...6.1.0
Contributors
vharseko, maximthomas, and dependabot