TokenMix Research Lab · 2026-06-04

MCP Protocol Updates 2026: 9 Spec Changes, RC Migration Map

MCP Protocol Updates 2026: 9 Spec Changes, RC Migration Map

Last Updated: 2026-06-04 Author: TokenMix Research Lab Data verified: 2026-06-04 - Model Context Protocol latest stable spec, 2025-11-25 / 2025-06-18 / 2025-03-26 changelogs, 2026 roadmap, 2026-07-28 release candidate blog, MCP Apps, Extensions, SEPs, and GitHub specification repository

The latest stable MCP spec is 2025-11-25. The 2026-07-28 release is only a release candidate today, but it is the migration event developers should plan for now.

MCP search results are noisy because "update" can mean three different things: the latest stable specification, a future release candidate, or an SDK/server package release. The official spec page redirects to version 2025-11-25 and labels it latest (MCP specification). The May 21, 2026 maintainer post says the 2026-07-28 release candidate is available and the final specification is scheduled for July 28, 2026, with breaking changes including a stateless protocol core, first-class extensions, Tasks as an extension, MCP Apps, authorization hardening, deprecations for Roots/Sampling/Logging, and full JSON Schema 2020-12 for tools (MCP RC post). The short answer: do not call 2026-07-28 stable yet. Do start migration testing if your MCP servers depend on sessions, initialize, Mcp-Session-Id, experimental Tasks, or literal resource error codes.

Table of Contents

Quick Verdict

Claim Status Source
Latest stable MCP specification is 2025-11-25 as of 2026-06-04 Confirmed MCP specification
2026-07-28 is already the stable MCP spec False RC post says release candidate, final scheduled July 28
The 2026 RC removes initialize/initialized handshake and Mcp-Session-Id from the protocol layer Confirmed RC RC post
The 2026 RC adds a stateless core for ordinary HTTP infrastructure Confirmed RC RC post
Extensions become first-class and use reverse-DNS identifiers Confirmed RC RC post, Extensions post
MCP Apps are the first official MCP extension and were live in January 2026 Confirmed MCP Apps post
Tasks shipped experimental in 2025-11-25 and moves to an extension in the 2026 RC Confirmed RC 2025-11-25 changelog, Tasks SEP
Roots, Sampling, and Logging are removed today False RC post says deprecated, not removed
Tool annotations are security contracts False Tool annotations post says they are hints and untrusted unless from trusted servers
Every SDK supports the RC today Speculation Official post says Tier 1 SDKs are expected to ship support during validation window, not that all have done so

Version Timeline

Date Version or event Main change Status
2024-11-05 Initial stable spec Tools, resources, prompts, sampling, JSON-RPC foundation Confirmed
2025-03-26 Stable revision OAuth 2.1 auth framework, Streamable HTTP, JSON-RPC batching, tool annotations Confirmed
2025-06-18 Stable revision Removed JSON-RPC batching, structured tool output, OAuth Resource Server classification, resource links, elicitation Confirmed
2025-11-25 Latest stable OIDC discovery, icons metadata, incremental consent, URL mode elicitation, sampling tool calling, OAuth Client ID metadata, experimental Tasks Confirmed
2026-01-26 MCP Apps First official MCP extension, interactive UI resources in sandboxed iframes Confirmed
2026-03-09 2026 roadmap Transport scalability, agent communication, governance maturation, enterprise readiness Confirmed
2026-03-11 Extensions explainer Optional additive extensions, official/recommended/community patterns Confirmed
2026-03-16 Tool annotations risk post Tool annotations are hints, not guarantees Confirmed
2026-04-08 Maintainer update Clare Liguori joins Core Maintainers; Den Delimarsky becomes Lead Maintainer Confirmed
2026-05-21 2026-07-28 RC Stateless core, extensions, Tasks, Apps, auth hardening, deprecations, JSON Schema 2020-12 Confirmed RC
2026-07-28 Planned final spec Scheduled final date, not yet released on 2026-06-04 Likely scheduled

The main CTR problem in the old page was that it looked like a generic changelog. The search intent is sharper: developers want to know what is official, what changed, and what they must migrate.

Latest Stable vs Release Candidate

Question 2025-11-25 stable 2026-07-28 RC Migration read
Is it stable today? Yes No, release candidate Ship stable; test RC
Protocol state Stateful HTTP sessions still exist Stateless protocol layer Server fleet design changes
Handshake initialize / initialized Removed in RC Client initialization code changes
Session header Mcp-Session-Id Removed in RC Sticky routing should become unnecessary
Capabilities Negotiated at initialization Carried per request in _meta More request metadata
Discovery Server capabilities via connection server/discover in RC Easier preflight
Extensions Present but less formal First-class framework Apps and Tasks can evolve separately
Tasks Experimental core feature Extension with new lifecycle Breaking migration for early adopters
Roots/Sampling/Logging Active Deprecated, still works Avoid new dependencies
Tool schema Limited JSON Schema style Full JSON Schema 2020-12 for tools Validator upgrades needed

The safe production position is boring: if you are shipping this week, target 2025-11-25. If you run remote MCP servers, start an RC branch for 2026-07-28 now.

What Changed in 2025-11-25

Change Why it matters Status
OpenID Connect Discovery support Makes authorization server discovery closer to common OAuth/OIDC deployments Confirmed
Icons metadata for tools/resources/resource templates/prompts Improves client display and discovery UX Confirmed
Incremental scope consent via WWW-Authenticate Allows step-up auth instead of asking for everything up front Confirmed
Tool name guidance Reduces naming ambiguity across servers Confirmed
Standards-based ElicitResult and enum support Better user-input flows and form-like choices Confirmed
URL mode elicitation Lets servers ask users for URL-shaped input Confirmed
Tool calling support in sampling Lets sampling include tools and toolChoice parameters Confirmed
OAuth Client ID Metadata Documents Recommended client registration mechanism Confirmed
Experimental Tasks Durable requests with polling and deferred retrieval Confirmed
JSON Schema 2020-12 default dialect Aligns schema validation defaults Confirmed
SDK tiering system Creates clearer support expectations for SDKs Confirmed

The 2025-11-25 release is the real stable base. It is also where the future migration risk starts: Tasks are experimental there, and the 2026 RC changes their shape.

What Changed in 2025-06-18 and 2025-03-26

Version Change Current interpretation
2025-03-26 Added OAuth 2.1 authorization framework Foundation for later auth hardening
2025-03-26 Replaced HTTP+SSE with Streamable HTTP Remote MCP becomes more practical
2025-03-26 Added JSON-RPC batching Later removed, so do not rely on old batching behavior
2025-03-26 Added tool annotations Useful risk hints, not security guarantees
2025-03-26 Added audio content type Expanded content beyond text/image
2025-06-18 Removed JSON-RPC batching Confirms batching was not stable long term
2025-06-18 Added structured tool output Better machine-readable tool results
2025-06-18 Classified MCP servers as OAuth Resource Servers Tightens auth model
2025-06-18 Required Resource Indicators per RFC 8707 Reduces token misuse risk
2025-06-18 Added elicitation Server can request more user info during interaction
2025-06-18 Added resource links in tool call results Tool outputs can point at resources cleanly
2025-06-18 Required MCP-Protocol-Version header in subsequent HTTP requests Version negotiation becomes more explicit

False read to avoid: "MCP just changed once in April 2026." No. The meaningful protocol sequence is 2024-11-05, 2025-03-26, 2025-06-18, 2025-11-25, then the 2026-07-28 RC track.

2026-07-28 RC Migration Map

RC change Who is affected Migration action Risk
Stateless protocol core Remote MCP server operators Remove dependence on sticky sessions and shared session stores High
initialize handshake removed Client SDK authors and custom clients Move client info/capabilities into request _meta High
Mcp-Session-Id removed Gateways/load balancers Stop routing by session header High
server/discover added Clients and registries Add capability discovery preflight Medium
Mcp-Method and Mcp-Name headers Gateways, rate limiters, observability Route/rate-limit without body inspection Medium
ttlMs and cacheScope Clients listing tools/resources Cache list/read results safely Medium
W3C Trace Context in _meta SDKs and observability teams Propagate traceparent, tracestate, baggage Medium
Extensions framework Client/server implementers Negotiate reverse-DNS extension IDs Medium
MCP Apps official extension Tool developers building UI Serve audited UI resources, sandboxed iframe rendering Medium
Tasks extension Early Tasks adopters Replace experimental lifecycle with tasks/get, tasks/update, tasks/cancel High
Auth hardening OAuth/OIDC integrations Validate issuer, application type, token refresh and scope rules High
Roots/Sampling/Logging deprecated Existing feature users Avoid new dependencies; plan alternatives Medium
JSON Schema 2020-12 for tools Tool schema validators Support composition, conditionals, refs, bounded validation Medium
Resource missing error code change Clients matching literal errors Update -32002 handling to -32602 Low

The direct read: 2026-07-28 is a real breaking migration for infrastructure-heavy MCP deployments. Local toy servers may barely notice. Remote multi-tenant servers will.

Tools Resources Prompts and Apps

Primitive Stable meaning today 2026 direction Probe verdict
Tools Functions the AI model can execute Stronger schemas, risk annotations, richer outputs Core
Resources Context and data exposed by servers Resource links, cache scopes, app UI templates Core
Prompts Templated messages/workflows Icons metadata and better discovery UX Core
Roots Filesystem/URI boundary hints Deprecated in RC Avoid new use
Sampling Server-initiated LLM interaction Deprecated in RC Prefer direct provider APIs
Logging Protocol logging feature Deprecated in RC Use stderr or OpenTelemetry
MCP Apps Interactive UI extension First official extension, production-ready since Jan 2026 Extension
Tasks Long-running work Moves from experimental core to extension Extension
Auth extensions Enterprise auth patterns Expected to carry enterprise readiness work Extension

The key product shift is MCP Apps. The January 2026 post says tools can return interactive UI components rendered directly in the conversation, with sandboxed iframes and JSON-RPC over postMessage (MCP Apps). That makes MCP less like "function calling with a new name" and more like an agent application platform.

For production agent routing, MCP is one layer. It does not replace AI API Gateway, MCP Gateway, or TokenMix vs OpenRouter vs Portkey vs LiteLLM decisions. MCP standardizes tool/context interaction; gateways manage model access, fallback, cost, and policy.

Migration Cost Math

These are planning estimates, not official MCP benchmarks. Replace the assumptions with your repo numbers.

Scenario Assumption Estimate Status
Small local MCP server 1 server, no HTTP, no Tasks, no custom client 2-4 engineer-hours Speculation
Remote server behind one gateway 1 server + 1 client + 1 gateway; session header used 12-24 engineer-hours Speculation
Multi-server platform 5 servers + custom SDK wrapper + Tasks + observability 60-120 engineer-hours Speculation
Enterprise fleet 20 servers + OAuth/OIDC + audit + app UI review 3-6 engineer-weeks Speculation

Cost calculation 1: if a team has 4 remote MCP servers and each server needs 6 hours to remove session assumptions, add 4 x 6 = 24 hours. Add one 8-hour gateway pass for Mcp-Method / Mcp-Name routing and one 8-hour test pass. That is 40 hours, or one focused engineering week.

Cost calculation 2: if an early Tasks implementation exists in 3 servers and each server needs 10 hours to migrate from experimental Tasks to the extension lifecycle, the Tasks line alone is 3 x 10 = 30 hours. The risk is not the method names; it is retry, polling, cancellation, and retained-result semantics.

Cost calculation 3: if your client literally matches the missing-resource code -32002 in 12 tests and 4 code paths, fixing the RC error-code change may be a half-day. If that error is baked into SDK public behavior, it becomes a release-management problem, not a patch.

Implementation Checklist

Check Stable 2025-11-25 RC branch 2026-07-28
Version handling Negotiate stable version Send protocol version per request
Session dependency Accept existing sessions Remove protocol-level session assumption
HTTP headers Use stable required headers Add Mcp-Method, Mcp-Name
Capability discovery Initialization path Add server/discover path
Tool schemas Validate current schema Upgrade to JSON Schema 2020-12 handling
Tasks Experimental if used Migrate to extension ID
Apps Optional extension Confirm host support matrix
Auth OAuth/OIDC support Validate issuer and registration details
Observability Logs and app traces Add W3C Trace Context propagation
Deprecations Existing features still work Avoid new Roots/Sampling/Logging reliance 
POST /mcp HTTP/1.1
MCP-Protocol-Version: 2026-07-28
Mcp-Method: tools/call
Mcp-Name: search
Content-Type: application/json

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"search","arguments":{"q":"mcp protocol update"}}}

def should_start_mcp_rc_migration(server):
    if server.get("uses_remote_http") and server.get("uses_session_header"):
        return "Start now: stateless RC changes affect routing and scaling."
    if server.get("uses_experimental_tasks"):
        return "Start now: Tasks moves to an extension and is not wire-compatible."
    if server.get("custom_oauth"):
        return "Start auth validation: issuer and registration behavior changes."
    if server.get("local_stdio_only"):
        return "Track RC, but stable 2025-11-25 is probably enough this week."
    return "Audit first: list protocol version, transport, auth, Tasks, Apps, schemas."

Risks and Caveats

Risk Status What to do
Treating RC as stable Confirmed risk Do not publish compatibility promises until final
Assuming all SDKs support RC Speculation Check each SDK release notes
Migrating Tasks too early without compatibility shim Confirmed RC risk Bridge experimental and extension surfaces if needed
Ignoring deprecated Roots/Sampling/Logging Confirmed RC risk Stop adding new dependency on deprecated features
Trusting tool annotations as security guarantees False assumption Treat annotations as hints
Skipping OAuth issuer validation Confirmed RC risk Validate auth response issuer
Relying on sticky sessions forever Confirmed RC risk Plan explicit handles and stateless routing
Overbuilding enterprise features into core Likely risk Use extensions where possible

Security note: MCP's own specification says tools can create arbitrary data access and code execution paths, and users must consent to data access and actions. The protocol cannot enforce all trust rules alone (MCP specification). That is why Flowise MCP RCE belongs in the same cluster as protocol updates.

Final Recommendation

Target 2025-11-25 for production today. Start a 2026-07-28 RC migration branch if you operate remote MCP servers, use experimental Tasks, own a custom client, or run OAuth/OIDC auth. The main change is not a new tool field. It is the move to stateless HTTP plus extensions.

FAQ

What is the latest MCP specification version?

The latest stable MCP specification is 2025-11-25 as of June 4, 2026. The official specification page redirects to that version and labels it latest.

Is the 2026-07-28 MCP spec released?

No. The 2026-07-28 MCP specification is a release candidate today. The official maintainer post says the final specification is scheduled for July 28, 2026.

What is the biggest MCP protocol update in 2026?

The biggest update is the stateless protocol core in the 2026-07-28 RC. It removes the initialization handshake and protocol-level session header, making remote MCP servers easier to run behind normal HTTP infrastructure.

Do I need to migrate from MCP 2025-11-25 now?

Not for ordinary stable production. You should start testing if you run remote HTTP MCP servers, rely on Mcp-Session-Id, built custom clients, or shipped against experimental Tasks.

Are MCP Apps part of the core protocol?

No. MCP Apps are an official extension. They let tools return interactive UI resources that hosts render in sandboxed iframes.

Are Roots, Sampling, and Logging removed?

No. In the 2026 RC they are deprecated, not removed. The methods and capability flags still work in the release candidate, but new implementations should avoid depending on them.

What changed for MCP Tasks?

Tasks were experimental in the 2025-11-25 core spec. The 2026 RC moves Tasks into an official extension with a different lifecycle using tasks/get, tasks/update, and tasks/cancel.

Do tool annotations make MCP tools safe?

No. Tool annotations are hints, not security guarantees. Clients should treat them as untrusted unless they come from a trusted server.

Sources

Related Articles