Skip to content
Release history
fastmcp releases
The fast, Pythonic way to build MCP servers and clients.
Review required
v3.4.0
Breaking risk
·
Auth
Breaking upgrade
fastmcp-remote + proxy failure handling + auth token lifespan
No immediate action
v3.3.1
Bug fix
·
Component import decoupling
Review required
v3.3.0
Mixed
·
Auth
fastmcp-slim + OAuth proxy hardening
v3.2.4
Breaking risk
·
Breaking changes
- Background tasks now scoped to authorization context instead of MCP session
Security fixes
- FileUpload validates actual decoded base64 size instead of trusting client-reported size
- Fixed HTTP header forwarding to unrelated remote servers
- AuthKit auto-binds token audience to resource URL (RFC 8707)
Notable features
- Keycloak OAuth provider for enterprise authentication
- Parameter descriptions automatically extracted from docstrings
- Added response_title and response_description to ctx.elicit()
v2.14.7
Bug fix
·
## What's Changed
### Fixes 🐞
* fix(deps): cap fakeredis to <2.35.0 to prevent startup crash on 2.x
v3.2.3
Bug fix
·
Fixes ImportError in tasks extra by pinning incompatible fakeredis version.
v3.2.2
Bug fix
·
Minor fixes and improvements.
v3.2.1
Breaking risk
·
Breaking changes
- Google OAuth now uses sub (user ID) for client_id instead of aud
- CSP removed from tool metadata (retained on resources)
v3.2.0
Breaking risk
·
Breaking changes
- App tool calls routed via ___-prefixed names
Security fixes
- SSRF/path traversal prevention (GHSA-vv7q-7jx5-f767)
- Dropped diskcache (CVE-2025-69872)
- JWT algorithm restrictions and OAuth scope enforcement
Notable features
- FastMCPApp provider for composable interactive applications
- Built-in providers: FileUpload, Approval, Choice, FormInput, GenerativeUI
- fastmcp dev apps browser preview with MCP inspector
v2.14.6
Bug fix
·
Minor fixes and improvements.
v3.1.1
Breaking risk
·
Minor fixes and improvements.
v3.1.0
New feature
·
Notable features
- CodeMode transform: staged BM25 discovery, schema inspection, sandbox execution
- SearchTools transform for client-side BM25 tool discovery
- Prefab Apps integration for Python-native UI building
v3.0.2
Bug fix
·
Security fixes
- Prevents MCP transport auth headers from leaking to downstream OpenAPI APIs
v3.0.1
Breaking risk
·
Notable features
- verify_id_token option for OIDCProxy for providers issuing opaque access tokens
v3.0.0
Breaking risk
·
Breaking changes
- Component storage and execution refactored to provider abstraction
- FileSystemProvider, OpenAPIProvider, ProxyProvider, SkillsProvider introduced
- Component versioning model added
Security fixes
- SSRF/path traversal prevention (GHSA-vv7q-7jx5-f767)
- Dropped diskcache (CVE-2025-69872)
- Bumped PyJWT >= 2.12.0 (CVE-2026-32597)
Notable features
- Provider/transform architecture for extensible component discovery
- FastMCP CLI: list, call, generate-cli, install commands
- Component versioning with VersionFilter transform
v2.14.5
Bug fix
·
Fixes a memory leak in the memory:// docket broker where cancelled tasks accumulated.
v2.14.4
Bug fix
·
Minor fixes and improvements.
v2.14.3
Bug fix
·
Fixes HTTP transport timeout bug defaulting to 5 seconds instead of respecting MCP's 30-second standard.
Search tools, categories, lists, and users
Use ↑↓ to navigate, Enter to open, Esc to close
No results for ""
⌘K to open
↑↓ navigate
⏎ open