
Epistates/TurboMCP

v3.0.0 Security

This release includes 3 security fixes of interest to security teams reviewing exposed deployments.

Published 3 months ago | MCP Developer Tools

Topics

mcp mcp-client mcp-sdk mcp-server mcp-servers rust

Affected surfaces

auth rbac rce_ssrf deps breaking_upgrade crypto_tls

Summary

AI summary

TurboMCP v3.0.0 is a ground‑up rewrite with zero‑boilerplate proc macros and edge‑native WASM support.

Full changelog

TurboMCP v3.0.0 Release Notes

TurboMCP v3.0.0 is a ground-up architectural rewrite of the TurboMCP SDK. The result: a leaner codebase (-47,000 lines net), edge-native WASM support, modular transports, and a zero-boilerplate developer experience -- all backed by a comprehensive security audit.

Highlights

  • Zero-boilerplate proc macros -- #[mcp_server], #[tool], #[resource], #[prompt] generate full MCP servers from plain Rust impl blocks
  • Edge-native WASM -- First-class Cloudflare Workers support with Durable Objects, streaming transport, and WASM-native OAuth 2.1
  • Modular transport crates -- STDIO, HTTP/SSE, WebSocket, TCP, and Unix socket each live in their own crate behind feature flags
  • Unified McpHandler trait -- Write once, deploy to native and WASM targets
  • Comprehensive security audit -- Critical-to-low fixes across 25 crates (JWT algorithm confusion, DPoP hardening, SSRF protection, TLS 1.3 default, and more)
  • Integrated telemetry -- OpenTelemetry, Prometheus metrics, and structured logging via a single telemetry feature flag
  • CLI tooling -- turbomcp new, turbomcp build, turbomcp dev, turbomcp deploy, turbomcp install

Zero-Boilerplate Server Development

Define an MCP server in a handful of lines:

```rust
use turbomcp::prelude::*;

// Plain struct; the macros attach the MCP server behaviour to its impl block.
#[derive(Clone)]
struct Calculator;

#[mcp_server(name = "calculator", version = "1.0.0")]
impl Calculator {
    // Each #[tool] method becomes an MCP tool; its input schema is derived from the signature.
    #[tool(description = "Add two numbers")]
    async fn add(&self, a: i64, b: i64) -> i64 {
        a + b
    }
}

#[tokio::main]
async fn main() {
    // run_stdio() is generated by #[mcp_server]; serves the tool over stdin/stdout.
    Calculator.run_stdio().await.unwrap();
}
```

Schemas are generated at compile time. Transport methods (run_stdio(), run_tcp(), run_http(), run_unix()) are generated automatically. Tags, versioning, and context injection are all supported via attributes.

Edge-Native WASM (turbomcp-wasm)

  • Durable Objects -- Rate limiter, session store, state store, token store
  • Streaming transport -- Streamable HTTP with SSE for edge servers
  • Composite servers -- Multi-server composition with namespace isolation
  • Rich middleware -- Auth, rate limiting, logging, CORS
  • WASM-native auth -- Web Crypto API integration, PKCE, multi-provider OAuth 2.1, DPoP
  • Worker error integration -- WorkerError newtype and WorkerResultExt for ergonomic use of the ? operator with Workers APIs

New Crates

| Crate | Purpose |
|---|---|
| turbomcp-core | no_std foundation types and McpHandler trait |
| turbomcp-transport-traits | Lean transport trait definitions |
| turbomcp-stdio | Extracted STDIO transport |
| turbomcp-http | Extracted HTTP/SSE client transport |
| turbomcp-websocket | Extracted WebSocket transport |
| turbomcp-tcp | Extracted TCP transport |
| turbomcp-unix | Extracted Unix domain socket transport |
| turbomcp-transport-streamable | MCP 2025-11-25 Streamable HTTP types |
| turbomcp-wasm | WASM server runtime for Cloudflare Workers |
| turbomcp-wasm-macros | Proc macros for WASM servers |
| turbomcp-openapi | OpenAPI 3.x to MCP conversion |
| turbomcp-telemetry | Integrated observability |

Security Hardening

Critical

  • JWT algorithm confusion prevention -- fail-closed validation, key-type/algorithm enforcement
  • Secret redaction in serialization -- auth config secrets serialize as [REDACTED]
  • DPoP proof replay protection with enhanced nonce validation
  • TLS certificate validation bypass now requires explicit opt-in (TURBOMCP_ALLOW_INSECURE_TLS=1)
  • Unified jsonwebtoken v10.2 with aws_lc_rs backend
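The "fail-closed validation, key-type/algorithm enforcement" item above, shown as an added example (not TurboMCP's own code): the server knows which key type it holds, the header may only name an asymmetric algorithm, and that algorithm must agree with the key. Names such as `KeyKind`, `JwtError` and `check_token_algorithm` are invented for this illustration; the base64url decoder and header scan are minimal stand-ins for a real JWT library.

```rust
// Illustrative code, not from the TurboMCP crates. Signature verification would follow this check.
/// Key type the server was configured with; the token header never gets to choose it.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum KeyKind { Rsa, Ec, Ed25519 }

/// DisallowedAlgorithm covers symmetric HS* and "none" (never acceptable with a public key);
/// UnknownAlgorithm is the fail-closed branch for anything not on the allowlist.
#[derive(Debug, PartialEq)]
pub enum JwtError { MalformedToken, DisallowedAlgorithm(String), UnknownAlgorithm(String),
    KeyMismatch { alg: String, key: KeyKind } }

/// Decode an unpadded base64url segment (RFC 7515 section 2).
fn b64url_decode(s: &str) -> Option<Vec<u8>> {
    let (mut out, mut buf, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A', b'a'..=b'z' => c - b'a' + 26, b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62, b'_' => 63, _ => return None,
        };
        buf = (buf << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((buf >> bits) as u8); buf &= (1 << bits) - 1; }
    }
    Some(out)
}

/// Read the "alg" member of the decoded header JSON (a production validator would use a
/// real JSON parser; this scan is enough for the well-formed headers used here).
fn header_alg(header: &str) -> Option<String> {
    let rest = &header[header.find("\"alg\"")? + 5..];
    let start = rest.find('"')? + 1;
    let end = start + rest[start..].find('"')?;
    Some(rest[start..end].to_string())
}

/// Fail-closed policy: asymmetric algorithms only, and the header's algorithm must match
/// the configured key type, so an RSA public key can never be consumed as an HMAC secret.
pub fn check_token_algorithm(token: &str, key: KeyKind) -> Result<String, JwtError> {
    let first = token.split('.').next().ok_or(JwtError::MalformedToken)?;
    let raw = b64url_decode(first).ok_or(JwtError::MalformedToken)?;
    let header = String::from_utf8(raw).map_err(|_| JwtError::MalformedToken)?;
    let alg = header_alg(&header).ok_or(JwtError::MalformedToken)?;
    let required = match alg.as_str() {
        "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" => KeyKind::Rsa,
        "ES256" | "ES384" | "ES512" => KeyKind::Ec,
        "EdDSA" => KeyKind::Ed25519,
        "HS256" | "HS384" | "HS512" | "none" => return Err(JwtError::DisallowedAlgorithm(alg)),
        _ => return Err(JwtError::UnknownAlgorithm(alg)),
    };
    if required != key { return Err(JwtError::KeyMismatch { alg, key }); }
    Ok(alg)
}
```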

High

  • parking_lot::Mutex replaces std::sync::Mutex (no panic on poisoned lock)
  • Bounded STDIO messages prevent unbounded memory allocation
  • Session ID length validation (max 256 bytes)
  • TLS 1.3 default, native-tls completely eliminated
  • JWT algorithm allowlist (asymmetric only)
  • Enhanced path traversal protection (URL-encoded, null byte, Unicode lookalike detection)

Medium

  • SSRF protection (private networks, localhost, cloud metadata, link-local, multicast)
  • RFC 8414 OpenID Connect Discovery for async JWKS resolution
  • DPoP binding validation with thumbprint verification
  • API key minimum length (32 characters)
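The SSRF item above lists the destination classes that are refused. As an added example (not TurboMCP's own code), this is a destination classifier over those same classes using only `std::net`; `Blocked`, `classify` and `check_resolved` are names invented here. It goes slightly beyond the list by also treating IPv4-mapped IPv6 addresses and the CGNAT range as internal, and by rejecting a name whenever any of its resolved addresses is blocked.

```rust
// Illustrative code, not from the TurboMCP crates.
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Why a destination was refused; mirrors the categories in the release notes.
#[derive(Debug, PartialEq)]
pub enum Blocked { Unspecified, Loopback, CloudMetadata, LinkLocal, Private, Multicast }

/// Classify one resolved address. Apply this to every address the connection could use
/// (after DNS resolution), never only to the hostname the caller supplied.
pub fn classify(ip: IpAddr) -> Result<(), Blocked> {
    match ip {
        IpAddr::V4(v4) => classify_v4(v4),
        // ::ffff:a.b.c.d reaches the same IPv4 host, so the IPv4 rules apply to it.
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            Some(v4) => classify_v4(v4),
            None => classify_v6(v6),
        },
    }
}

fn classify_v4(ip: Ipv4Addr) -> Result<(), Blocked> {
    let [a, b, _, _] = ip.octets();
    if ip.is_unspecified() { return Err(Blocked::Unspecified); }
    if ip.is_loopback() { return Err(Blocked::Loopback); }
    // Instance metadata endpoint of the major clouds; it lies inside 169.254/16 but gets
    // its own reason code so logs show exactly what was refused.
    if ip == Ipv4Addr::new(169, 254, 169, 254) { return Err(Blocked::CloudMetadata); }
    if ip.is_link_local() { return Err(Blocked::LinkLocal); }
    // RFC 1918 plus the CGNAT range 100.64.0.0/10, which is_private() does not cover.
    if ip.is_private() || (a == 100 && (64..=127).contains(&b)) { return Err(Blocked::Private); }
    if ip.is_multicast() || ip.is_broadcast() { return Err(Blocked::Multicast); }
    Ok(())
}

fn classify_v6(ip: Ipv6Addr) -> Result<(), Blocked> {
    let s = ip.segments();
    if ip.is_unspecified() { return Err(Blocked::Unspecified); }
    if ip.is_loopback() { return Err(Blocked::Loopback); }
    // fd00:ec2::254 is the IPv6 address of the AWS instance metadata service.
    if ip == Ipv6Addr::new(0xfd00, 0x0ec2, 0, 0, 0, 0, 0, 0x0254) { return Err(Blocked::CloudMetadata); }
    if (s[0] & 0xfe00) == 0xfc00 { return Err(Blocked::Private); }   // unique local fc00::/7
    if (s[0] & 0xffc0) == 0xfe80 { return Err(Blocked::LinkLocal); } // link-local fe80::/10
    if ip.is_multicast() { return Err(Blocked::Multicast); }
    Ok(())
}

/// Refuse the whole request if any answer is blocked: a name resolving to one public and
/// one internal address must not be allowed to reach the internal one.
pub fn check_resolved(addrs: impl IntoIterator<Item = IpAddr>) -> Result<(), Blocked> {
    addrs.into_iter().try_for_each(classify)
}
```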

Low

  • EMA overflow protection, gRPC capability validation, Unix socket graceful shutdown
  • CLI path validation, configurable HTTP User-Agent, improved macro error spans

CLI Enhancements

  • turbomcp new -- Scaffold new projects from templates (WASM, native, hybrid)
  • turbomcp build -- WASM-aware build pipeline with wasm-pack integration
  • turbomcp dev -- Development server with hot reload and file watching
  • turbomcp deploy -- Deploy to Cloudflare Workers
  • turbomcp install -- Install servers to Claude Desktop and Cursor

Protocol & Transport

  • MCP 2025-11-25 support (latest spec) with configurable version negotiation
  • Protocol version presets -- latest(), compatible() (Claude Code), strict(version)
  • Streamable HTTP transport -- Session management, SSE event streams, no_std support
  • Child process STDIO -- StdioTransport::from_child() and StdioTransport::from_raw()
  • Custom struct tool returns -- IntoToolResult for Json<T>
  • CORS hardening -- Echoes request Origin instead of wildcard *, adds Vary: Origin

Dependency Upgrades

  • reqwest 0.12 -> 0.13 (with OAuth2HttpClient adapter)
  • tokio 1.47 -> 1.49
  • axum 0.8.4 -> 0.8.8
  • sonic-rs 0.3 -> 0.5
  • opentelemetry 0.28 -> 0.31
  • criterion 0.7 -> 0.8
  • compact_str 0.8 -> 0.9
  • native-tls completely eliminated from dependency tree

Breaking Changes

  • JwtValidator::new() is now async with RFC 8414 discovery
  • McpError::validation() renamed to McpError::invalid_params()
  • TlsVersion::default() returns Tls13 instead of Tls12
  • Legacy V2 macro modules removed (attrs, helpers, template, uri_template)
  • Old handler system, elicitation module, multi-tenant config removed from turbomcp-server
  • Removed injection, lifespan, registry, session, simd, sse_server modules from turbomcp

See MIGRATION.md for a complete migration guide.

By the Numbers

  • 1,787 tests passing
  • Zero clippy warnings with --all-features
  • All transports verified: STDIO, TCP, HTTP, WebSocket, Unix socket, gRPC
  • 25 crates audited
  • -47,000 lines net code reduction
  • Rust 1.89.0, MCP spec 2025-11-25

Full Changelog: https://github.com/Epistates/turbomcp/compare/v2.3.6...v3.0.0

Security Fixes

  • Critical: JWT algorithm confusion prevention – fail‑closed validation with key‑type/algorithm enforcement
  • High: TLS certificate validation bypass now requires explicit opt‑in (`TURBOMCP_ALLOW_INSECURE_TLS=1`)
  • Medium: SSRF protection added for private networks, localhost, cloud metadata, link‑local and multicast addresses


About Epistates/TurboMCP

TurboMCP SDK: Enterprise MCP SDK in Rust
