Sourced fromgithub.com/modelcontextprotocol/go-sdk's releases.

v1.2.0

This release is equivalent to v1.2.0-pre.2. Thank you to those who tested the prerelease.

This release adds partial support for the2025-11-25 version of the MCP spec and fixes some bugs in the streamable transports. It also includes some minor new APIs, changes to contributing flows, and small bugfixes.

Contributing changes

• CONTRIBUTING.md is updated to remove the ad-hoc antitrust policy (#651), and add a dependency update policy (#635).
• An example server (examples/server/conformance) is added for the new conformance tests at modelcontextprotocol/conformance. Test can be run withscripts/conformance.sh (#650).

Partial support for the 2025-11-25 spec

The following SEPs from the 2025-11-25 spec are now supported. Please seemodelcontextprotocol/go-sdk#725 for the proposed API additions included to support these SEPs.

• SEP-973: icons and metadata (modelcontextprotocol/go-sdk#570)
• SEP-986: tool name validation (modelcontextprotocol/go-sdk#640)
• SEP-1024: elicitation defaults (modelcontextprotocol/go-sdk#644)
• SEP-1036: URL mode elicitation (modelcontextprotocol/go-sdk#646)
• SEP-1699: SSE polling (modelcontextprotocol/go-sdk#663)
• SEP-1330: elicitation enum improvements (modelcontextprotocol/go-sdk#676)

Other API additions

• Common error codes are now available through the sentineljsonrpc.Error (#452)
• OAuth 2.0 Protected Resource Metadata support (#643)
• ClientCapabilities.RootsV2 and RootCapabilities are added to work around an API bug (#607)
• Capabilities fields are added toServerOptions andClientOptions, to simplify capability configuration (#706)

Streamable fixes

Several bug fixes are included for the streamable transports:

• mcp: relax SSE connection response handling in non-strict mode by@​zhxie inmodelcontextprotocol/go-sdk#611
• Fix: Skip non-message SSE events in processStream by@​raphaelmansuy inmodelcontextprotocol/go-sdk#637
• mcp: better handling for streamable context cancellation by@​findleyr inmodelcontextprotocol/go-sdk#677
• mcp: don't break the streamable client connection for transient errors by@​findleyr inmodelcontextprotocol/go-sdk#723

Other notable bugfixes

• fix: handle Windows CRLF in MCP client by@​isfzhang inmodelcontextprotocol/go-sdk#665
• auth, mcp: add UserID to TokenInfo for session hijacking prevention by@​findleyr inmodelcontextprotocol/go-sdk#695
• internal/docs: document UserID for session hijacking prevention by@​findleyr inmodelcontextprotocol/go-sdk#697
• mcp: allow re-using connections in more cases by@​howardjohn inmodelcontextprotocol/go-sdk#709
• oauthex: validate URL schemes in auth server metadata and DCR by@​findleyr inmodelcontextprotocol/go-sdk#712
• mcp: debounce server change notifications by@​findleyr inmodelcontextprotocol/go-sdk#717
• oauthex: fix content type check in getJSON by@​nikolavp inmodelcontextprotocol/go-sdk#721

New Contributors

• @​zhxie made their first contribution inmodelcontextprotocol/go-sdk#611
• @​SpringMT made their first contribution inmodelcontextprotocol/go-sdk#614

... (truncated)

• 411d5a0 mcp: switch icon theme to named string type (#733)
• 76e6854 docs: add GitHub Pages redirect to latest release documentation (#702)
• See full diff incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)