This release adds partial support for the 2025-11-25 version of the MCP spec and fixes some bugs in the streamable transports. It also includes some minor new APIs, changes to contributing flows, and small bugfixes.
Please test the prerelease if you can, and review any pending proposals included in the release. Your feedback is greatly appreciated!
Contributing changes
- CONTRIBUTING.md is updated to remove the ad-hoc antitrust policy (#651), and add a dependency update policy (#635).
- An example server (examples/server/conformance) is added for the new conformance tests at modelcontextprotocol/conformance. Tests can be run with scripts/conformance.sh (#650).
Partial support for the 2025-11-25 spec
The following SEPs from the 2025-11-25 spec are now supported. Please see #725 for the proposed API additions included to support these SEPs.
- SEP-973: icons and metadata (#570)
- SEP-986: tool name validation (#640)
- SEP-1024: elicitation defaults (#644)
- SEP-1036: URL mode elicitation (#646)
- SEP-1699: SSE polling (#663)
- SEP-1330: elicitation enum improvements (#676)
Other API additions
- Common error codes are now available through the sentinel jsonrpc.Error (#452)
- OAuth 2.0 Protected Resource Metadata support (#643)
- ClientCapabilities.RootsV2 and RootCapabilities are added to work around an API bug (#607)
- Capabilities fields are added to ServerOptions and ClientOptions, to simplify capability configuration (#706)
Streamable fixes
Several bug fixes are included for the streamable transports:
- mcp: relax SSE connection response handling in non-strict mode by @zhxie in #611
- Fix: Skip non-message SSE events in processStream by @raphaelmansuy in #637
- mcp: better handling for streamable context cancellation by @findleyr in #677
- mcp: don't break the streamable client connection for transient errors by @findleyr in #723
Other notable bugfixes
- fix: handle Windows CRLF in MCP client (#664) by @isfzhang in #665
- auth, mcp: add UserID to TokenInfo for session hijacking prevention by @findleyr in #695
- internal/docs: document UserID for session hijacking prevention by @findleyr in #697
- mcp: allow re-using connections in more cases by @howardjohn in #709
- oauthex: validate URL schemes in auth server metadata and DCR by @findleyr in #712
- mcp: debounce server change notifications by @findleyr in #717
- oauthex: fix content type check in getJSON by @nikolavp in #721
New Contributors
- @zhxie made their first contribution in #611
- @SpringMT made their first contribution in #614
- @raphaelmansuy made their first contribution in #637
- @markus-kusano made their first contribution in #644
- @isfzhang made their first contribution in #665
- @orius123 made their first contribution in #643
- @howardjohn made their first contribution in #709
- @nikolavp made their first contribution in #721
Full Changelog: v1.1.0...v1.2.0-pre.1