Skip to main content
This document lists changes made to the Model Context Protocol (MCP) specification since the previous revision, 2025-06-18.

Major changes

  1. Enhance authorization server discovery with support for OpenID Connect Discovery 1.0. (PR #797)
  2. Allow servers to expose icons as additional metadata for tools, resources, resource templates, and prompts (SEP-973).
  3. Enhance authorization flows with incremental scope consent via WWW-Authenticate (SEP-835)
  4. Provide guidance on tool names (SEP-986)

Minor changes

  1. Clarify that servers must respond with HTTP 403 Forbidden for invalid Origin headers in Streamable HTTP transport. (PR #1439)
  2. Updated the Security Best Practices guidance.

Other schema changes

Full changelog

For a complete list of all changes that have been made since the last protocol revision, see GitHub.
I