Update dependency mcp to v1.23.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mcp	==1.16.0 -> ==1.23.0

GitHub Vulnerability Alerts

CVE-2025-66416

Description

The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances.

Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport.

Servers created via FastMCP() now have DNS rebinding protection enabled by default when the host parameter is 127.0.0.1 or localhost. Users are advised to update to version 1.23.0 to receive this automatic protection. Users with custom low-level server configurations using StreamableHTTPSessionManager or SseServerTransport directly should explicitly configure TransportSecuritySettings when running an unauthenticated server on localhost.

---

Release Notes

modelcontextprotocol/python-sdk (mcp)

v1.23.0

Compare Source

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

• Add tests for JSON Schema 2020-12 field preservation (SEP-1613) by @​felixweinberger in #​1649
• Add client_secret_basic authentication support by @​jonshea in #​1334
• Implement SEP-1577 - Sampling With Tools by @​ochafik in #​1594
• SEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by @​chughtapan in #​1246
• [auth][conformance] add conformance auth client by @​pcarleton in #​1640
• Implement SEP-986: Tool name validation by @​felixweinberger in #​1655
• fix: url for spec by @​felixweinberger in #​1659
• feat: implement SEP-991 URL-based client ID (CIMD) support by @​pcarleton in #​1652
• Update doc string on custom_route by @​pcarleton in #​1660
• Implement SEP-1036: URL mode elicitation for secure out-of-band interactions by @​cbcoutinho in #​1580
• Skip empty SSE data to avoid parsing errors by @​felixweinberger in #​1670
• SEP-1686: Tasks by @​maxisbey in #​1645
• Add on_session_created callback option by @​crondinini-ant in #​1710
• Add SSE polling support (SEP-1699) by @​felixweinberger in #​1654
• Support client_credentials flow with JWT and Basic auth by @​pcarleton in #​1663
• feat: backwards-compatible create_message overloads for SEP-1577 by @​felixweinberger in #​1713
• Auto-enable DNS rebinding protection for localhost servers by @​pcarleton (d3a1841)

New Contributors

• @​ochafik made their first contribution in #​1594

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

Compare Source

What's Changed

• feat: Pass through and expose additional parameters in ClientSessionGroup.call_tool and .connect_to_server by @​inaku-Gyan in #​1576
• chore: Lazy import jsonschema library by @​wuliang229 in #​1596
• docs: Update examples to use stateless HTTP with JSON responses by @​domdomegg in #​1499

New Contributors

• @​wuliang229 made their first contribution in #​1596

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Compare Source

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

• #​1630
• #​1632

What's Changed

• fix get_client_metadata_scopes on 401 by @​abliznyuk in #​1631

New Contributors

• @​abliznyuk made their first contribution in #​1631

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.21.2

v1.21.1

Compare Source

What's Changed

• Add everything-server for comprehensive MCP conformance testing by @​felixweinberger in #​1587
• Get baseline 100% clean coverage by @​maxisbey in #​1553
• Add end-of-file-fixer pre-commit hook by @​maxisbey in #​1610
• Add coverage baseline commit to git-blame-ignore by @​maxisbey in #​1613
• Add SEP-1034 conformance test support to everything-server by @​felixweinberger in #​1604
• refactor: extract OAuth helper functions and simplify provider state by @​maxisbey in #​1586
• Add client_id_metadata_document_supported to OAuthMetadata by @​maxisbey in #​1603
• Fix OAuth discovery fallback and URL ordering by @​maxisbey in #​1624
• Refactor func_metadata() implementation by @​Viicos in #​1496
• Fix CI highest resolution test to actually test highest versions by @​maxisbey in #​1609

New Contributors

• @​Viicos made their first contribution in #​1496

Full Changelog: modelcontextprotocol/python-sdk@v1.21.0...v1.21.1

v1.21.0

Compare Source

What's Changed

• docs: use article "an" before "MCP" instead of "a" by @​koic in #​1558
• Update Starlette to 0.49.1 in uv.lock by @​ColeMurray in #​1559
• Fix typo in ClientSessionGroup doc string by @​inaku-Gyan in #​1572
• Implement SEP-985: OAuth Protected Resource Metadata discovery fallback by @​cbcoutinho in #​1548
• Add --frozen flag to uv run commands in Claude config by @​maxisbey in #​1583
• Add get_server_capabilities() to ClientSession by @​crondinini-ant in #​1588

New Contributors

• @​koic made their first contribution in #​1558
• @​ColeMurray made their first contribution in #​1559
• @​inaku-Gyan made their first contribution in #​1572
• @​cbcoutinho made their first contribution in #​1548
• @​crondinini-ant made their first contribution in #​1588

Full Changelog: modelcontextprotocol/python-sdk@v1.20.0...v1.21.0

v1.20.0

Compare Source

What's Changed

• Relax Accept header requirement for JSON-only responses by @​domdomegg in #​1500
• fix: replace deprecated dev-dependencies in examples/clients by @​yukuanj in #​1518
• fix: Update spec links to new modelcontextprotocol.io location by @​maxisbey in #​1491
• fix: Replace fixed sleep with active server readiness check in SSE tests by @​maxisbey in #​1526
• fix: Replace arbitrary sleeps with active server readiness checks in tests by @​maxisbey in #​1527
• Fix flaky timeout test in test_88_random_error by @​maxisbey in #​1525
• fix: Replace remaining manual server polling with wait_for_server helper by @​maxisbey in #​1529
• Implement RFC 7523 JWT flows by @​LucaButBoring in #​1247
• Fix pyright error and replace wildcard import with explicit imports by @​maxisbey in #​1532
• Fix auth client example URL handling for oauth provider by @​pcarleton in #​1549

New Contributors

• @​domdomegg made their first contribution in #​1500
• @​pcarleton made their first contribution in #​1549

Full Changelog: modelcontextprotocol/python-sdk@v1.19.0...v1.20.0

v1.19.0

Compare Source

What's Changed

• feat: add tool metadata in FastMCP.tool decorator by @​mat-octave in #​1463
• Make client examples workspaces to reflect package code by @​LucaButBoring in #​1466
• Expose RequestParams._meta in ClientSession.call_tool by @​samchenatti in #​1231
• Allow CallToolResult to be returned directly to support _meta field for OpenAI Apps by @​BrandonShar in #​1459
• fix: uv CVE-2025-62518 astral-tokio-tar issue GHSA-j5gw-2vrg-8fgx by @​cclauss in #​1505
• fix: use proper dependency resolution in CI by @​felixweinberger in #​1507
• Upgrade GitHub Actions by @​cclauss in #​1473
• test: use errno.ENOENT for command not found assertion by @​mingo1996 in #​1498
• Replace deprecated dev-dependencies with dependency-groups by @​yukuanj in #​1488
• update uv to 0.9.5 by @​maxisbey in #​1510

New Contributors

• @​mat-octave made their first contribution in #​1463
• @​samchenatti made their first contribution in #​1231
• @​BrandonShar made their first contribution in #​1459
• @​mingo1996 made their first contribution in #​1498

Full Changelog: modelcontextprotocol/python-sdk@v1.18.0...v1.19.0

v1.18.0

Compare Source

What's Changed

• [client] Implement MCP OAuth scope selection and step-up authorization by @​dogacancolak in #​1324
• Handles message type Exception in lowlevel/server.py _handle_message function. Mentioned as TODO on line 528. by @​AishwaryaKalloli in #​786
• Fix workspace configuration error with structured_output_lowlevel.py by @​felixweinberger in #​1471
• fix: Remove unnecessary constructor from ResourceServerSettings by @​rocky-d in #​1424
• feat: add resource annotations support to FastMCP by @​fennb in #​1468
• fix: send params as empty object for list methods without cursor by @​felixweinberger in #​1453
• fix: Set the Server session initialization state immediately after respond… by @​daamitt in #​1478

New Contributors

• @​dogacancolak made their first contribution in #​1324
• @​rocky-d made their first contribution in #​1424
• @​fennb made their first contribution in #​1468
• @​daamitt made their first contribution in #​1478

Full Changelog: modelcontextprotocol/python-sdk@v1.17.0...v1.18.0

v1.17.0

Compare Source

What's Changed

• Add documentation structure by @​Kludex in #​1425
• Add documentation about testing by @​Kludex in #​1426
• Improve OAuth protected resource metadata URL construction per RFC 9728 by @​shulkx in #​1407
• feat: add ability to remove tools by @​brandonspark in #​1322
• Update README to link to Python SDK documentation by @​felixweinberger in #​1430
• fix: update CLAUDE.md to remove auto-addition of reviewers. by @​felixweinberger in #​1431

New Contributors

• @​shulkx made their first contribution in #​1407
• @​brandonspark made their first contribution in #​1322

Full Changelog: modelcontextprotocol/python-sdk@v1.16.0...v1.17.0

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.