| v3.4.0 | FastMCP 3.4 is about reaching servers that live somewhere else. The headline is `fastmcp-remote`, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, this release hardens the proxy layer those remote connections depend on โ making bridges fail loudly instead of silently, and keeping authenticated sessions alive across the long idle periods that remote clients are prone to. ## fastmcp-remote Some MCP hosts still insist on launching a local stdio comman | High | 6/3/2026 |
| v3.3.1 | FastMCP 3.3.1 is a hotfix for the 3.3 packaging split. Clean installs of 3.3.0 could fail on standalone component imports like `from fastmcp.tools import tool` because component modules reached auth and task primitives through `fastmcp.server`, pulling in the server/provider stack and exposing a circular import. Component-level auth and task primitives now live in lightweight utility modules, with the old server import paths preserved as compatibility re-exports. Component imports stay lightwei | High | 5/15/2026 |
| v3.3.0 | FastMCP 3.3 ships `fastmcp-slim`, a new lightweight distribution that separates the client from the server stack. It also closes out a meaningful backlog of security hardening, observability improvements, and auth additions that accumulated through the 3.2 cycle. ## fastmcp-slim The full FastMCP package pulls in Starlette, Uvicorn, and the rest of the server machinery โ necessary for running a server, but wasteful if you're writing a client, a script, or an agent that just needs to talk to MCP | High | 5/15/2026 |
| v3.2.4 | A grab bag of fixes, hardening, and polish. The headline behavior change: background tasks are now scoped to the authorization context rather than the MCP session, so a task kicked off by an authenticated user survives session churn and stays tied to who started it. This is a breaking change for anyone relying on the old session-scoped semantics. Security got three meaningful upgrades. `FileUpload` now validates actual decoded base64 size instead of trusting the client-reported number, so an a | High | 4/14/2026 |
| v2.14.7 | <!-- Release notes generated using configuration in .github/release.yml at release/2.x --> ## What's Changed ### Fixes ๐ * fix(deps): cap fakeredis to <2.35.0 to prevent startup crash on 2.x by @vincent067 in https://github.com/PrefectHQ/fastmcp/pull/3883 **Full Changelog**: https://github.com/PrefectHQ/fastmcp/compare/v2.14.6...v2.14.7 | Medium | 4/13/2026 |
| v3.2.3 | fakeredis 2.35.0 shipped an undocumented rename (`FakeConnection` โ `FakeAsyncRedisConnection`) that broke pydocket's `memory://` backend, causing `fastmcp[tasks]` installs to fail at startup with an `ImportError`. This pins `fakeredis<2.35.0` in the `tasks` extra as a stopgap until a fixed pydocket ships. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Fixes ๐ * Pin fakeredis<2.35.0 in tasks extra by @jlowin in https://github.com/Pre | High | 4/9/2026 |
| v3.2.2 | The Azure audience fix in 3.2.1 overcorrected: it switched token validation from `client_id` to `identifier_uri`, which fixed custom Application ID URIs but broke the default case where Azure AD v2 tokens set `aud` to the bare client ID GUID. Both formats are now accepted. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Fixes ๐ * fix: accept both client_id and identifier_uri as Azure audience by @jlowin in https://github.com/PrefectHQ | Medium | 4/9/2026 |
| v3.2.1 | Most of the fixes in this patch are about auth providers getting audience validation wrong. Cognito token verification was checking the `aud` JWT claim, but Cognito access tokens don't include one; they use `client_id` instead. Azure was hardcoding the raw client ID as the expected audience, ignoring the `identifier_uri` parameter even though Entra v2.0 tokens use the Application ID URI as `aud`. Both now validate correctly without changing the provider API. Consent cookies also had an unbounded | High | 4/8/2026 |
| v3.2.0 | FastMCP 3.2 is the Apps release. The 3.0 architecture gave you providers and transforms; 3.1 shipped Code Mode for tool discovery. 3.2 puts a face on it: your tools can now return interactive UIs โ charts, dashboards, forms, maps โ rendered right inside the conversation. ## FastMCPApp `FastMCPApp` is a new provider class for building interactive applications inside MCP. It separates the tools the LLM sees (`@app.ui()`) from the backend tools the UI calls (`@app.tool()`), manages visibility aut | Medium | 3/30/2026 |
| v2.14.6 | PR #2861 backported `dereference_refs()` to v2 but never wired it into the tool schema pipeline โ `$ref` and `$defs` were still sent to MCP clients. Now fixed: `compress_schema()` dereferences at both tool schema creation sites, so schemas are fully inlined before reaching clients. <!-- Release notes generated using configuration in .github/release.yml at release/2.x --> ## What's Changed ### Fixes ๐ * Updated deprecation URL for V2 by @SrzStephen in https://github.com/PrefectHQ/fastmcp/pull | Medium | 3/27/2026 |
| v3.1.1 | Pins `pydantic-monty<0.0.8` to fix a breaking change in Monty that affects code mode. Monty 0.0.8 removed the `external_functions` constructor parameter, causing `MontySandboxProvider` to fail. This patch caps the version so existing installs work correctly. <!-- Release notes generated using configuration in .github/release.yml at release/3.1.1 --> ## W | Low | 3/14/2026 |
| v3.1.0 | FastMCP 3.1 is the Code Mode release. The 3.0 architecture introduced providers and transforms as the extensibility layer โ 3.1 puts that architecture to work, shipping the most requested capability since launch: servers that can find and execute code on behalf of agents, without requiring clients to know what tools exist. ## Code Mode Standard MCP has two scaling problems. The entire tool catalog loads into context upfront โ with a large server, that's tens of thousands of tokens before t | Low | 3/3/2026 |
| v3.0.2 | Two community-contributed fixes: auth headers from MCP transport no longer leak through to downstream OpenAPI APIs, and background task workers now correctly receive the originating request ID. Plus a new docs example for context-aware tool factories. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Fixes ๐ * fix: prevent MCP transport auth header from leaking to downstream OpenAPI APIs (#3260) by @stakeswky in https://github.com/ | Low | 2/22/2026 |
| v3.0.1 | First patch after 3.0 โ mostly smoothing out rough edges discovered in the wild. The big ones: middleware state that wasn't surviving the trip to tool handlers now does, `Tool.from_tool()` accepts callables again, OpenAPI schemas with circular references no longer crash discovery, and decorator overloads now return the correct types in function mode. Also adds `verify_id_token` to OIDCProxy for providers (like some Azure AD configs) that issue opaque access tokens but standard JWT id_tokens. | Low | 2/21/2026 |
| v3.0.0 | FastMCP 3.0 is stable. Two betas, two release candidates, 21 new contributors, and more than 100,000 pre-release installs later โ the architecture held up, the upgrade path was smooth, and we're shipping it. The surface API is largely unchanged โ `@mcp.tool()` still works exactly as before. What changed is everything underneath: a provider/transform architecture that makes FastMCP extensible, observable, and composable in ways v2 couldn't support. If we did our jobs right, you'll barely notic | Low | 2/18/2026 |
| v3.0.0rc3 | FastMCP 3 rc3 is being released solely to ensure that the release pipeline is intact from the new repo. If successful, it will be followed immediately by 3.0 GA. | Low | 2/18/2026 |
| v3.0.0rc2 | RC2 is a small release with a bugfix and a breaking change (that should have been in RC1): `fastmcp dev` is now a subcommand group, with the inspector moving to `fastmcp dev inspector`. We're planning to add new dev tools โ mock servers, apps testing โ that the Inspector alone can't handle, and this is the right time to claim the CLI namespace. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Fixes ๐ * Fix include_tags/exclude_ta | Low | 2/14/2026 |
| v3.0.0rc1 | FastMCP 3 RC1 means we believe the API is stable. Beta 2 drew a wave of real-world adoption โ production deployments, migration reports, integration testing โ and the feedback overwhelmingly confirmed that the architecture works. This release closes gaps that surfaced under load: auth flows that needed to be async, background tasks that needed reliable notification delivery, and APIs still carrying beta-era naming. If nothing unexpected surfaces, this is what 3.0.0 looks like. ๐จ **Breaking C | Low | 2/12/2026 |
| v3.0.0b2 | FastMCP 3 Beta 2 reflects the huge number of people that have kicked the tires on Beta 1. Seven new contributors landed changes in this release, and early migration reports have gone even smoother than expected, including teams on Prefect Horizon upgrading from v2. All of which makes a strong case for moving toward a stable release. As such, most of Beta 2 is refinement: fixing what people found, filling gaps from real usage, hardening edges. But a few new features did land along the way. ๐ฅ๏ธ | Low | 2/7/2026 |
| v2.14.5 | Fixes a memory leak in the memory:// docket broker where cancelled tasks accumulated instead of being cleaned up. Bumps pydocket to โฅ0.17.2. <!-- Release notes generated using configuration in .github/release.yml at release/2.x --> ## What's Changed ### Enhancements ๐ง * Bump pydocket to 0.17.2 (memory leak fix) by @chrisguidry in https://github.com/jlowin/fastmcp/pull/2992 ### Docs ๐ * Add release notes for v2.14.4 and v2.14.5 by @jlowin in https://github.com/jlowin/fastmcp/pull/3063 | Low | 2/3/2026 |
| v2.14.4 | This patch release fixes a fresh install bug where the packaging library was previously installed as a transitive dependency but is no longerโcausing an import error on fresh installs without dev dependencies. Also includes a pydocket version pin to avoid Redis connection noise in tests, plus backports from 3.x for $ref dereferencing in tool schemas and the task capabilities location fix. <!-- Release notes generated using configuration in .github/release.yml at release/2.x --> ## What's C | Low | 1/22/2026 |
| v3.0.0b1 | FastMCP 3.0 rebuilds the framework around three primitives: components, providers, and transforms. Providers source components dynamicallyโfrom decorators, filesystems, OpenAPI specs, remote servers, or anywhere else. Transforms modify components as they flow to clientsโrenaming, namespacing, filtering, securing. The features that required specialized subsystems in v2 now compose naturally from these building blocks. ๐ **Provider Architecture** unifies how components are sourced. `FileSystem | Low | 1/20/2026 |
| v2.14.3 | This patch release fixes an HTTP transport timeout bug where connections were defaulting to 5 seconds instead of respecting MCP's 30-second default, causing premature timeouts for slower operations. Also includes OAuth token storage fixes, Redis key isolation for ACL compliance, and improved ContextVar propagation for ASGI-mounted servers. Plus, the CLI will now nudge you when updates are available (you're welcome, future you). <!-- Release notes generated using configuration in .github/relea | Low | 1/12/2026 |
| v2.14.2 | FastMCP 2.14.2 brings a wave of community contributions safely into the 2.x line. A variety of important fixes backported from 3.0 work improve OpenAPI 3.1 compatibility, MCP spec compliance for output schemas and elicitation, and correct a subtle base_url fallback issue. The CLI now gently reminds you that FastMCP 3.0 is on the horizon. <!-- Release notes generated using configuration in .github/release.yml at release/2.x --> ## What's Changed ### Enhancements ๐ง * Pin MCP under 2.x by | Low | 12/31/2025 |
| v2.14.1 | FastMCP 2.14.1 adds support for sampling with tools (SEP-1577). This exciting new feature lets servers pass tools to `ctx.sample()`, enabling agentic workflows where the server borrows the client's LLM and controls tool execution automatically. Pass any callable as a tool and FastMCP handles the loop: calling the LLM, executing tools, and feeding results back until a final response is produced. For fine-grained control, `ctx.sample_step()` makes a single LLM call and returns a `SampleStep`, lett | Low | 12/15/2025 |
| v2.14.0 | FastMCP 2.14 begins adopting the MCP 2025-11-25 specification, headlined by protocol-native background tasks that let long-running operations report progress without blocking clients. This release also graduates the OpenAPI parser to standard, adds first-class support for several new spec features, and removes deprecated APIs accumulated across the 2.x series. ## Background Tasks (SEP-1686) Long-running operations (like tool calls) normally block MCP clients until they complete. The new [M | Low | 12/11/2025 |
| v2.13.3 | MCP SDK 1.23 introduced some changes related to the 11/25/25 MCP protocol update that break some patches/workarounds that FastMCP had implemented previously. In particular, OAuth changes in the new protocol changed some implementation details that FastMCP patched; as such 1.23 is not necessarily a breaking SDK change but it is "breaking" for certain FastMCP behaviors. As a precaution, this release pins `mcp<1.23`. FastMCP 2.14 will introduce 11/25/25 support (and require `mcp>=1.23`). | Low | 12/3/2025 |
| v2.13.2 | FastMCP 2.13.2 polishes the authentication stack with fixes for token refresh, scope handling, and multi-instance deployments. Discord joins the growing roster of built-in OAuth providers, Azure and Google token handling gets more reliable, and proxy classes now properly forward icons and titles. This release also adds CSP customization for consent screens and fixes an edge case where `$defs` could mutate during tool transforms. Welcome to 7 new contributors who made their first FastMCP contr | Low | 12/1/2025 |
| v2.13.1 | FastMCP 2.13.1 introduces meta parameter support for `ToolResult` (#2283), letting tools return metadata alongside results to enable new use cases such as OpenAI's Apps SDK. It also supports client-sent meta (#2206) as well as improved OAuth capabilities and custom token verifiers (including the new `DebugTokenVerifier`) and an OCI authentication provider. A large list of enhancements and bugfixes round out the release. Note that #2422 excludes MCP SDK 1.21.1 as a permitted dependency version | Low | 11/15/2025 |
| v2.13.0.2 | ## Bugfixes This release includes two critical dependency fixes: - **Fix py-key-value-aio minimum version** (#2288): Corrected minimum version requirement to 0.2.8 to ensure compatibility - **Replace openapi-core with jsonschema-path** (#2291): Migrated from openapi-core to jsonschema-path for improved OpenAPI validation performance and stability | Low | 10/28/2025 |
| v2.13.0.1 | This release includes an important bugfix for 2.13.0 that affects how the Azure OAuth provider handles scopes. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Enhancements ๐ง * Add "High Value" Ruff Rules by @strawgate in https://github.com/jlowin/fastmcp/pull/2255 ### Fixes ๐ * Fix Azure scope validation by @jlowin in https://github.com/jlowin/fastmcp/pull/2269 ### Other Changes ๐ฆพ * Add CI test job for lowest-direct depende | Low | 10/26/2025 |
| v2.13.0 | FastMCP 2.13.0 **"Cache Me If You Can"** represents a fundamental maturation of the framework. After months of community feedback on authentication and state management, this release delivers the infrastructure FastMCP needs to handle production workloads: persistent storage, response caching, and pragmatic OAuth improvements that reflect real-world deployment challenges. ๐พ **Pluggable storage backends** bring persistent state to FastMCP servers. Built on [py-key-value-aio](https://github.co | Low | 10/25/2025 |
| v2.13.0rc3 | Release candidate 3 for 2.13.0 | Low | 10/24/2025 |
| v2.13.0rc2 | Release candidate 2 for 2.13.0 | Low | 10/21/2025 |
| v2.13.0rc1 | Release candidate 1 for 2.13.0 | Low | 10/19/2025 |
| v2.12.5 | This is a point release to pin the MCP SDK below 1.17, which introduced a change that is affecting some FastMCP users who 1) are using FastMCP auth providers and 2) are mounting their MCP servers as part of a larger application, resulting in the `.well-known` payload appearing in an unexpected location. The only change in this release is pinning the SDK version: https://github.com/jlowin/fastmcp/commit/dab2b316ddc3883b7896a86da21cacb68da01e5c <!-- Release notes generated using configuration | Low | 10/17/2025 |
| v2.12.4 | FastMCP 2.12.4 adds comprehensive OIDC support and expands authentication options with AWS Cognito and Descope providers. The release also includes improvements to logging middleware, URL handling for nested resources, persistent OAuth client registration storage, and various fixes to the experimental OpenAPI parser. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### New Features ๐ * feat: Add support for OIDC configuration by @ruhu | Low | 9/26/2025 |
| v2.12.3 | This release adds an integration with Gemini CLI, improves the flexibility of the OAuth Proxy, and fixes some bugs with the install commands and tool content generation. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Enhancements ๐ง * feat: add support for Gemini CLI integration by @jackwotherspoon in https://github.com/jlowin/fastmcp/pull/1709 * Protected resource advertises valid scopes, if available by @dmikusa in https://gi | Low | 9/12/2025 |
| v2.12.2 | This is a hotfix for a bug where the `streamable-http` transport was not recognized as a valid option in `fastmcp.json` configuration files, despite being supported by the CLI. This resulted in a parsing error when the CLI arguments were merged against the configuration spec. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Fixes ๐ * Hotfix: restore --transport streamable http at CLI by @jlowin in https://github.com/jlowin/fastmc | Low | 9/3/2025 |
| v2.12.1 | FastMCP 2.12.1 strengthens the OAuth proxy implementation based on extensive community testing and feedback. This release fixes DCR client generation, improves client token storage reliability, adds PKCE forwarding for enhanced security, introduces configurable token endpoint authentication methods, and expands scope handling; all addressing real-world integration challenges discovered since 2.12.0. The enhanced test suite with mock providers ensures these improvements are robust and maintainabl | Low | 9/3/2025 |
| v2.12.0 | FastMCP 2.12 represents one of our most significant releases to date, both in scope and community involvement. After extensive testing and iteration with the community, we're shipping major improvements to authentication, configuration, and MCP feature adoption. ๐ **OAuth Proxy for Broader Provider Support** addresses a fundamental challenge: while MCP requires Dynamic Client Registration (DCR), many popular OAuth providers don't support it. The new OAuth proxy bridges this gap, enabling Fas | Low | 8/31/2025 |
| v2.12.0rc1 | Release candidate 1 for 2.12.0 | Low | 8/30/2025 |
| v2.11.3 | <!-- Release notes generated using configuration in .github/release.yml at main --> This release includes significant enhancements to the experimental OpenAPI parser and fixes a significant bug that led schemas not to be included in input/output schemas if they were transitive dependencies (e.g. A โ B โ C implies A depends on C). For users naively transforming large OpenAPI specs into MCP servers, this may result in ballooning payload sizes and necessitate curation. ## What's Changed ### | Low | 8/11/2025 |
| v2.11.2 | <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Enhancements ๐ง * Support factory functions in fastmcp run by @jlowin in https://github.com/jlowin/fastmcp/pull/1384 * Add async support to client_factory in FastMCPProxy (#1286) by @bianning in https://github.com/jlowin/fastmcp/pull/1375 ### Fixes ๐ * Fix server_version field in inspect manifest by @jlowin in https://github.com/jlowin/fastmcp/pull/1383 * Fix Settings field with b | Low | 8/6/2025 |
| v2.11.1 | <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### New Features ๐ * Introduce `RemoteAuthProvider` for cleaner external identity provider integration, update docs by @jlowin in https://github.com/jlowin/fastmcp/pull/1346 ### Enhancements ๐ง * perf: optimize string operations in OpenAPI parameter processing by @chi2liu in https://github.com/jlowin/fastmcp/pull/1342 ### Fixes ๐ * Fix method-bound FunctionTool schemas by @strawgate i | Low | 8/4/2025 |
| v2.11.0 | FastMCP 2.11 doubles down on what developers need most: speed and simplicity. This massive release delivers significant performance improvements and a dramatically better developer experience. ๐ **Enterprise-Ready Authentication** brings comprehensive OAuth 2.1 support with WorkOS's AuthKit integration. The new AuthProvider interface leverages MCP's support for separate resource and authorization servers, handling API keys and remote authentication with Dynamic Client Registration. AuthKit i | Low | 8/1/2025 |
| v2.10.6 | A special Saturday release with many fixes. <!-- Release notes generated using configuration in .github/release.yml at v2.10.6 --> ## What's Changed ### Enhancements ๐ง * Resolve #1139 -- Implement include_context argument in Context.sample by @codingjoe in https://github.com/jlowin/fastmcp/pull/1141 * feat(settings): add log level normalization by @ka2048 in https://github.com/jlowin/fastmcp/pull/1171 * add server name to mounted server warnings by @artificial-aidan in https://github. | Low | 7/19/2025 |
| v2.10.5 | <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Enhancements ๐ง * Fix Claude Code CLI detection for npm global installations by @jlowin in https://github.com/jlowin/fastmcp/pull/1106 * Fix OpenAPI parameter name collisions with location suffixing by @jlowin in https://github.com/jlowin/fastmcp/pull/1107 * Add mirrored component support for proxy servers by @jlowin in https://github.com/jlowin/fastmcp/pull/1105 ### Fixes ๐ * Fix | Low | 7/11/2025 |
| v2.10.4 | <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Fixes ๐ * Ensure the CLI accepts "streamable-http" as a valid transport by @jlowin in https://github.com/jlowin/fastmcp/pull/1099 **Full Changelog**: https://github.com/jlowin/fastmcp/compare/v2.10.3...v2.10.4 | Low | 7/9/2025 |
| v2.10.3 | <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### New Features ๐ * Refactor CLI from typer to cyclopts and add comprehensive tests by @jlowin in https://github.com/jlowin/fastmcp/pull/1062 * Add output schema support for OpenAPI tools by @jlowin in https://github.com/jlowin/fastmcp/pull/1073 ### Enhancements ๐ง * Add Cursor support via CLI integration by @jlowin in https://github.com/jlowin/fastmcp/pull/1052 * Add Claude Code inst | Low | 7/9/2025 |
| v2.10.2 | The headline feature of this release is the ability to "forward" advanced MCP interactions like logging, progress, and elicitation through proxy servers. If the remote server requests an elicitation, the proxy client will pass that request to the new, "ultimate" client. <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### New Features ๐ * Proxy support advanced MCP features by @hopeful0 in https://github.com/jlowin/fastmcp/pull/1022 | Low | 7/5/2025 |
| v2.10.1 | <!-- Release notes generated using configuration in .github/release.yml at main --> ## What's Changed ### Docs ๐ * Update changelog.mdx by @jlowin in https://github.com/jlowin/fastmcp/pull/1009 * Revert "Add CLI banner" by @jlowin in https://github.com/jlowin/fastmcp/pull/1011 **Full Changelog**: https://github.com/jlowin/fastmcp/compare/v2.10.0...v2.10.1 | Low | 7/2/2025 |
| v2.10.0 | FastMCP 2.10.0 delivers full compliance with the [6/18/2025 MCP spec update](https://modelcontextprotocol.io/specification/2025-06-18/changelog), introducing powerful new capabilities for building interactive MCP servers. This release adds **elicitation** support, which enables servers to request additional information from users during interactions, creating opportunities for human-in-the-loop workflows and more dynamic server-client communication. The update also introduces **output schemas** | Low | 7/1/2025 |
