PrefectHQ/fastmcp v3.4.1
v3.4.1: Floor It

on GitHub

4 hours ago

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨

Log refresh-token misses in OAuthProxy instead of failing silently by @jlowin in #4276

Security 🔒

Add explicit starlette>=1.0.1 floor (CVE-2026-48710) by @jlowin in #4286

Docs 📚

Document --notes-start-tag in release instructions by @jlowin in #4275

Full Changelog: v3.4.0...v3.4.1

Check out latest releases or
releases around PrefectHQ/fastmcp v3.4.1

Don't miss a new fastmcp release

NewReleases is sending notifications on new releases.

Get notifications