[1.17.0]
Update penpot to 2.15.2
Full Changelog
Add support for chunked uploading of fonts Github #9560
Add MCP server integration Github #9174
Add chunked upload API for large media and binary files (removes previous upload size limits) Github #8909
Improve team name validation Github #9176
Fix MCP integrations URL copy action to match the URL displayed in settings Github #9238
Fix Plugin API token methods rejecting JS array of strings Github #9162
Harden Nginx responses with standard security headers and hide upstream X-Powered-By headers
Fix MCP ReplServer binding to all interfaces (0.0.0.0) instead of localhost, allowing unauthenticated RCE Github #9400
Fix SSRF in media URL import and restrict unauthenticated asset access to public buckets only Github #9390
Fix maximum call stack size exceeded in SSE read-stream Github #9470
