Summary
This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.
What's Changed
- fix: update spec links from latest to draft by @domdomegg in #1171
- Make sure to consume HTTP error response bodies by @GreenStage in #1173
- docs: add GET request handling for streamableHttp stateless mode by @saharis9988 in #1161
- SEP-1686: Tasks by @LucaButBoring in #1041
- Fix JSON parse error on SSE events with empty data by @felixweinberger in #1184
- Fix StreamableHTTPClientTransport instantiation by @yuwzho in #944
- feat: eslint rule to prefer node protocols by @mattzcarey in #1187
- fix: call tasks/result to deliver side-channel messages by @felixweinberger in #1185
- Add invalid_target oauth error (rfc 8707) by @GreenStage in #1183
- fix(client): use StreamableHTTPError instead of plain Error in send() by @yamadashy in #1178
- coerce 'expires_in' to be a number by @adam-kuhn in #1111
- Allow HTTP issuer URLs when MCP_DEV_MODE is enabled by @jerome3o-anthropic in #1189
- fix: update registerTool signature for proper typed ToolCallback by @mattzcarey in #1188
- SEP-1046: Client credentials flow for M2M without user interaction by @KKonstantinov in #1157
- adds the transitive @types/express-serve-static-core dependency as a direct devDependency by @mgyarmathy in #1078
- Fix optional argument handling in prompts for Zod V4 by @filip-bartuska-ipf in #1199
- fix hanging stdio servers by @mattzcarey in #1200
- README refactor by @KKonstantinov in #1197
- [Docs] Fix typo by @koic in #1067
- feat: add closeSSEStream callback to RequestHandlerExtra by @felixweinberger in #1166
- fix: improve SSE reconnection behavior by @felixweinberger in #1191
- fix: normalize headers in sse transport by @marcrasi in #856
- feat: add closeStandaloneSSEStream for GET stream polling by @felixweinberger in #1203
- fix: normalize null to undefined in ElicitResultSchema content field by @mattzcarey in #1204
- Modify Origin header validation in validateRequestHeaders (streamableHttp.ts and sse.ts) to allow requests without an Origin, as they are not relevant to server DNS rebinding protection. by @jacopoc in #1205
- fix: allow zod 4 transformations by @mattzcarey in #1213
- feat: backwards-compatible createMessage overloads for SEP-1577 by @felixweinberger in #1212
- chore: bump version for release by @felixweinberger in #1215
New Contributors
- @GreenStage made their first contribution in #1173
- @saharis9988 made their first contribution in #1161
- @yuwzho made their first contribution in #944
- @yamadashy made their first contribution in #1178
- @adam-kuhn made their first contribution in #1111
- @mgyarmathy made their first contribution in #1078
- @filip-bartuska-ipf made their first contribution in #1199
- @koic made their first contribution in #1067
- @marcrasi made their first contribution in #856
- @jacopoc made their first contribution in #1205
Full Changelog: 1.23.0...1.24.0