modelcontextprotocol/python-sdk

Recent updates

• v1.27.2

  4 days ago

  v1.27.2 updates authentication token modeling (adding subject and claims), and changes experimental task behavior to bind task visibility to the session that created them. It also adds infrastructure to bind session context to the authenticated principal and to scope experimental task identifiers accordingly.

  BreakingFeatures

• v1.27.1

  3 weeks ago

  Patch release focused on compatibility and input normalization rather than new functionality. It makes schema generation resilient to Pydantic 2.13's error type, accepts empty-string values for optional OAuth client URL metadata, and tightens the httpx dependency to the 0.x line while switching SSEError to httpx_sse's public API.

• v1.27.0

  2 months ago

  v1.27.0 is mostly a docs and CI refresh, but it also includes a handful of important runtime fixes. The user-facing code changes center on OAuth resource validation, StreamableHTTP session idle timeouts, more resilient stdio/request teardown handling, and a backported Tasks capability update.

  SecurityFeatures

• v1.26.0

  4 months ago

  v1.26.0 primarily adds metadata plumbing for FastMCP resources and resource templates, carrying `meta` through model construction, listing, and read responses. It also changes the streamable HTTP session error path so unknown session IDs return HTTP 404 instead of 400, and adds a CI-only all-green workflow job.

  BreakingFeatures

• v1.25.0

  5 months ago

  This release mainly fixes Url Elicitation handling so `UrlElicitationRequiredError` now propagates as the MCP `URL_ELICITATION_REQUIRED` error instead of being wrapped as a generic tool failure. It also updates CI to include the `v1.x` maintenance branch and formalizes the repo’s new branching strategy for v2 development. The notes advise users who need to remain on v1.x to pin `mcp>=1.25,<2`.

• v1.24.0

  5 months ago

  v1.24.0 adds client-side support for SEP-1577 sampling (including tooling) and introduces a new `streamable_http_client` that works with `httpx.AsyncClient`. It also fixes a JSON-RPC error response issue where the response ID was not matched correctly.

  Features

• v1.23.3

  5 months ago

  v1.23.3 is a small maintenance release focused on OAuth cleanup, SSE keep-alive handling, and relaxing FastMCP MIME type validation to accept RFC 2045 parameters. The release notes also mention release automation workflow changes, while the code diff itself is concentrated in auth, SSE, resource validation, and tests.

  Features

• v1.23.2

  6 months ago

  This release is mostly a StreamableHTTP stability and compatibility update. It fixes a race condition that could surface ClosedResourceError when requests fail early, and it avoids sending SSE priming events or close callbacks to older protocol versions. The examples and README were also updated to show mounting StreamableHTTP under a Starlette lifespan context manager.

• v1.23.1

  6 months ago

  This release updates the Model Context Protocol latest version from 2025-06-18 to 2025-11-25. The code change is narrowly scoped to protocol version metadata, with tests updated to accept the new negotiated version.

• v1.23.0

  6 months ago

  This release aligns the Python SDK with MCP spec 2025-11-25 and adds a broad set of experimental capabilities, including tasks, URL mode elicitation, SSE polling, and sampling with tools. It also expands OAuth and machine-to-machine auth support with client_secret_basic, client_credentials, and URL-based client IDs, while tightening local server security and tool validation.

  BreakingSecurityFeatures

• v1.22.0

  6 months ago

  v1.22.0 adds support for passing through and exposing additional parameters in ClientSessionGroup.call_tool and ClientSessionGroup.connect_to_server. It also introduces a lazy import for the jsonschema dependency to reduce unnecessary load, and refreshes documentation examples for stateless HTTP with JSON responses.

  Features